goodgame empire ads



Hi,
Strange appearance of ads on my browser
I use only Firefox

However, I am forced to use IE only to log in to my surveillance IP address which requires IE

Anyhow this ad shows up occasionally on my login page for my surveillance also which is very strange considering I'm not even going out to the internet for anything yet. The IP page is on the LAN so there should be no ads there at all.

I would not really call it a popup but it seems to be part of the page.

See screen shot of this and categorize this please

goodgame_empire1.png

goodgame_empire2.png

goodgame_empire3.png


goodgame_empire4.png


Thanks



 


All of the goodgame empire stuff showing the mission directive and game ad is what I'm concerned about. I don't believe they should be there even though they look like web ads on the page.

I think my browser is producing these and not actually on the site itself. Just FYI
If someone could help explain what this is and what I'm looking at. Is this a known malware/virus?
I noticed they come up sometimes on the iRacing login screen too and I have no doubt that should not be there.

Malwarebytes does not produce any detections, all previous scans and detections as of yesterday have either been cleaned and/or now do not find any new suspected detections


 


Hi,

 

Welcome to Malwarebytes' Support Forums! I am Blackbird and I will help you remove any malware that might be present on your computer.

 

Those ads are produced by the web page you visit, for sure. Those can be equal on different sites, for example by 'cookie based cross site advertising'. Read this article to get more information about this: Advertising and Embedded Content.

 

However, I still want to check your system for any active malware. Therefore, please follow these directions:

 

 

An important WARNING to all individuals reading this topic:
All advice in this topic was given specifically for this user and this computer!! Performing instructions given by me in this topic on other computers may harm your computer's infrastructure and can cause serious damage to them!!
Please don't perform the steps given by me or other Helpers in this topic when you are not the original Topic Starter, but start your own topic with a question for help. You will get help from a trained and qualified Helper to clean up your computer from any present malware when you do so.


General rules:
  • From now on, don't use this computer anymore to access your bank account or any other serious business where you have to log in, until I've told you your computer is clean from malware.
  • Be patient waiting for my answer. I'm doing the best I can to answer to logs as soon as possible, but I'm handling multiple topics at the same time. Please feel free to remind me of your topic by sending a link to it by private message, when I didn't get back to you after 24 hours.
  • Don't change anything on your computer in the period I'm helping you, except when I tell you to do so. So don't add/remove any software (programs, drivers, etc.) and don't change any hardware. If you really need to change something that can't wait, please inform me directly, by posting it in this topic or - if private - send me a private message containing an explanation of the changes made by you. This gives me the possibility to give you good advice.


Rules about advice from me:
  • The Helpers active on this board first got a full training in removing malware and providing support to people who got infected. Also they were trained to resolve any problems caused by malware infections. Please use the programs I provide to you only when under supervision of a trained Helper. This, because using these programs without supervision can cause damage to your computer.
  • It's possible that your virus scanner, anti-spyware program or any other malware protection program or policy tries to block one or more of the programs provided by us. If that is the case, please always allow those programs to run and/or allow the provided changes to be made. If needed to run our tools properly, temporarily disable your anti-malware programs.
  • Always Save tools provided by me to your Desktop, unless I give you other instructions. Don't ever run tools directly from the internet, because this can stop them from working properly. Also never save tools to any other locations than your Desktop.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of the issue.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit.



Rules about posting results:

  • Always copy/paste the logfiles in your replies completely. If a logfile doesn't fit into one post, please add the logfile as an attachment instead. If this still won't work, please inform me.
  • Never change something in the logfiles!! Include them in your posts as they were provided by the tools. This way I'll get a clear view on your system's situation. If you change the logfiles, it will take more time to clean up your computer.
  • Don't post logs using CODE, QUOTE or FONT tags. Just post them as direct text.


Things I want you to do before performing the steps below:
  • Please enable your system to show hidden files: How to see hidden files in Windows.
  • Make sure you're subscribed to this topic. Click on the Follow This Topic button at the top right of this page, make sure that the Receive Notification box is checked and that it is set to Instantly.
  • Even though we do the best we can to help you, removing malware includes risks. Therefore I advise you to back-up all of your important files to a CD/DVD, external drive or flash drive. For instructions/help, take a look here.



-------------------------------------------------------------------------------------------------------------------------------------------------------
Thanks in advance for keeping above rules in mind. :)
Maybe they look like unnecessary rules, but practice teaches us they are needed to help.

Now, let's continue with the steps you need to do:
-------------------------------------------------------------------------------------------------------------------------------------------------------

1. We need to temporarily disable any cd-emulators active on your computer, as they can impede the interpretation of logfiles provided by our tools.

  • Download Defogger and save it to your Desktop.
  • Right-click Defogger.exe and select Run as Administrator.
  • When the program has opened, click the Disable button.
  • When Defogger asks for a confirmation, click Yes.
  • Wait until you get the "Finished" message. Click OK.
  • When Defogger asks you to restart the system, please allow the program to do so immediately.


  • When an error occurred while using Defogger, look for a file called "defogger_disable.txt", which should be located at your Desktop. Post the contents of this file into your next reply.
  • You can enable the cd-emulator software again by running Defogger again and clicking the "Re-enable" button. Only do this when I told you your computer is clean again.


2. Download AdwCleaner and save it to your Desktop.
  • Close all open windows.
  • Right-click AdwCleaner.exe and select Run as Administrator.
  • When the program has started, click the Scan button and wait until the scan has finished.
  • Make sure everything (on all tabs) is selected, and click the Delete button.
  • It's possible that AdwCleaner asks you to restart the system. It's important that you agree with this.
  • After restart a logfile will appear. Please post the contents of that logfile in your next reply.



3. Download Malwarebytes' Anti-Malware and save it to your Desktop.
If you already got Malwarebytes' Anti-Malware installed on your computer, please go to step 3-A.



3-A. Start Malwarebytes' Anti-Malware.

  • On the Dashboard tab, click the Update Now button, to update the definitions to the latest version.
  • Then click the Scan tab. Select Custom Scan and click the Start Scan button.
  • In the window that appears, check the box next to Scan for Rootkits. Also, select all drives, except for CD/DVD-drives. After you have done this, click Start Scan.
  • Follow the instructions given by Malwarebytes' Anti-Malware.
  • If any items were found during the scan process, Malwarebytes' Anti-Malware will ask you what you want to do with those items. Please quarantine all items.
  • It's possible the program asks you for permission to restart the computer. If so, please allow MBAM to do so immediately.
  • Save the logfile in txt-format and copy/paste it in your next reply.
  • Note: If you can't find the logfile, look at the "History" tab. Select the most recent logfile (you can see the creation date in the log's title).


4. Please read and perform the steps described on this page: I'm infected - What do I do now?.
Post the logfile from Farbar Recovery Scan Tool into your next reply.

5. Download GMER Rootkit Scanner and save it to your Desktop.
NOTE: Windows 8 users can skip this step. GMER Rootkit Scanner isn't compatible with Windows 8. Don't run it.
  • Right-click the GMER executable file (whose name will contain 8 digits/characters) and select Run as Administrator.
  • If GMER warns you about possible rootkit activity and asks you to scan for rootkits, DON'T allow GMER to do so.
  • Under "Files", put a checkmark next to Quick Scan.
  • Remove the checkmark next to Show all.
  • Now, click the Scan button.
  • Note: This scan often provides False Positives in the scan results. Never fix anything found by Gmer, unless I instructed you to do so!
  • If the scan's finished, click Save and save the log to your Desktop.
  • Post GMER's logfile into your next reply.



6. Please provide me a detailed description of any computer problems you're facing, together with the logfiles mentioned in step 1 - 6.

Good luck! :)


Ok I'll work on those instructions and I'm in no rush it's not actually hurting anything and I only use my Windows boot up to play games that won't run on Linux
It seems very strange that those ads are not present for ANY pages on Linux / Firefox,  but only on my Windows 7 64bit, bootup

iRacing has them at the bottom of their page from time to time and it covers a large portion of the lower screen. I'm quite sure it should not be there. I doubt seriously that iRacing would even allow this on their front page.

I'll get some scans/logs together and post it thanks for the help in identifying and possibly correcting this if it is indeed malware or adware of some sort



 


Hi there,

 

No problem, but please report back within three days. If you don't, your topic will be closed due to lack of feedback. There are also users that simply just don't respond anymore after a couple of replies, therefore we got this policy.

 

Good luck and I hope to hear from you soon. :)


OK, sorry I'll get it all done today

It is not causing a problem that I can tell and I'm not even sure it is malware/adware but it does seem strange the same ad is everywhere and shows up even on my IE browser where I don't even go out to the web. I only go to the LAN IP for my security system only because it's IE only system.

There should be NO ads on that IP page for my security system login at all.

That is the thing that really raised the red flag for me mostly.
 


Hi, I ran Defogger but it didn't ask me for a restart, just had a finish button and I restarted manually just in case
I followed the instructions to unhide everything and show extensions etc.
Then downloaded and ran AdwCleaner

It did find some things and never showed a delete button but rather a clean button, so I selected clean.
The log shows this stupid BoBrowser key item; and I know that should not be there. I removed this with other scanners/fixers, and it seems to keep appearing in some key form or another.

Anyhow here is the log of the AdwCleaner, I'll post back on the next process in a few.

Thanks

# AdwCleaner v4.107 - Report created 14/01/2015 at 12:05:32
# Updated 07/01/2015 by Xplode
# Database : 2015-01-13.2 [Live]
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Agent86 - AGENT86-PC
# Running from : C:\Users\Agent86\Downloads\adwcleaner_4.107.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\Users\Agent86\AppData\Roaming\Mozilla\Firefox\Profiles\bshy3bmp.default\user.js

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{430B2D8B-00F8-4C62-914C-7904C00FB5F7}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\NoVooITSet
Key Deleted : HKCU\Software\BoBrowser
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Clara

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v34.0 (x86 en-US)


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [1599 octets] - [14/01/2015 12:01:55]
AdwCleaner[s0].txt - [1299 octets] - [14/01/2015 12:05:32]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1359 octets] ##########




 


Malwarebytes log, this one took a long time to my surprise and I'm not sure it actually completed
Usually there's an option to fix something or view details before closing the app but it seems to have closed on its own.
I did not see any errors but I never did a custom scan before so I don't know if that is normal

Anyhow nothing detected here:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/14/2015
Scan Time: 12:20:51 PM
Logfile: 01-14-15.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.14.07
Rootkit Database: v2015.01.07.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Agent86

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 592927
Time Elapsed: 1 hr, 59 min, 34 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


gmer

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-01-14 15:54:06
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_DT01ACA100 rev.MS2OA750 931.51GB
Running: vwq3bj8g.exe; Driver: C:\Users\Agent86\AppData\Local\Temp\fxriqfog.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 448                                                          fffff800039a5000 45 bytes [00, 00, 17, 00, 4E, 74, 66, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 495                                                          fffff800039a502f 10 bytes [00, 01, 00, 06, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text     C:\Program Files\AVAST Software\Avast\avastui.exe[4712] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter        0000000074d48791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[236] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17      0000000076ba1401 2 bytes JMP 74d6b21b C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[236] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17        0000000076ba1419 2 bytes JMP 74d6b346 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[236] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17      0000000076ba1431 2 bytes JMP 74de8ea9 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[236] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42      0000000076ba144a 2 bytes CALL 74d448ad C:\Windows\syswow64\kernel32.dll
.text     ...                                                                                                                         * 9
.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[236] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17         0000000076ba14dd 2 bytes JMP 74de87a2 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[236] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  0000000076ba14f5 2 bytes JMP 74de8978 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[236] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17         0000000076ba150d 2 bytes JMP 74de8698 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[236] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000076ba1525 2 bytes JMP 74de8a62 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[236] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17        0000000076ba153d 2 bytes JMP 74d5fca8 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[236] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17             0000000076ba1555 2 bytes JMP 74d668ef C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[236] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17      0000000076ba156d 2 bytes JMP 74de8f61 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[236] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17        0000000076ba1585 2 bytes JMP 74de8ac2 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[236] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17           0000000076ba159d 2 bytes JMP 74de865c C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[236] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17        0000000076ba15b5 2 bytes JMP 74d5fd41 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[236] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17      0000000076ba15cd 2 bytes JMP 74d6b2dc C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[236] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  0000000076ba16b2 2 bytes JMP 74de8e24 C:\Windows\syswow64\kernel32.dll
.text     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[236] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  0000000076ba16bd 2 bytes JMP 74de85f1 C:\Windows\syswow64\kernel32.dll
?         C:\Windows\system32\mssprxy.dll [236] entry point in ".rdata" section                                                       000000006ce871e6

---- Threads - GMER 2.1 ----

Thread    C:\Windows\System32\svchost.exe [2336:3496]                                                                                 000007fef3299688

---- Disk sectors - GMER 2.1 ----

Disk      \Device\Harddisk0\DR0                                                                                                       unknown MBR code

---- EOF - GMER 2.1 ----
 


Sorry I didn't post them all in one post

Anyhow I am not having any computer problems currently all running perfectly

AMD FX 8350 8 core
16GB Ram
GTX 970 video
onboard Realtek sound

All peripherals working well on both OS's
Windows 7 64bit and Linux Ubuntu 14.04 64bit dual booting and working fine.

I am mostly concerned about this embedded content, if indeed this is part of the embedded content or something else

I am considering disabling or removing all plugins to see if that has anything to do with this but I don't believe so since this occurs on IE browser too which I do not even use except for my security camera system.

Anyhow that is what the scans produced.
Thanks


 


Oops sorry
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2015 01
Ran by Agent86 (administrator) on AGENT86-PC on 15-01-2015 15:48:05
Running from C:\Users\Agent86\Downloads
Loaded Profiles: Agent86 (Available profiles: Agent86)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730) C:\Program Files (x86)\iRacing\iRacingService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files (x86)\Gaming Mouse\hid.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
() C:\Program Files (x86)\Gaming Mouse\trayicon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe
(Farbar) C:\Users\Agent86\Downloads\FRST64(2).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11855976 2011-05-18] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [GamingMouse] => C:\Program Files (x86)\Gaming Mouse\hid.exe [262656 2013-04-11] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-09] (AVAST Software)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2993030579-955168000-2236405169-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-25] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2993030579-955168000-2236405169-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://192.168.1.6/
HKU\S-1-5-21-2993030579-955168000-2236405169-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2993030579-955168000-2236405169-1000 -> DefaultScope {2AAC893C-3A01-41CA-BBD9-D721BFDCA843} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US0D20141222&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-2993030579-955168000-2236405169-1000 -> {2AAC893C-3A01-41CA-BBD9-D721BFDCA843} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US0D20141222&p={SearchTerms}
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {D9305048-DD6B-4EDF-8706-096EBE24E1D7} http://192.168.1.6/IPCWeb.cab
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Agent86\AppData\Roaming\Mozilla\Firefox\Profiles\bshy3bmp.default
FF DefaultSearchEngine: Bing
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Secure Search
FF Homepage: my.yahoo.com
FF Keyword.URL: https://search.yahoo.com/search?fr=mcafee&type=B111US0D20141222&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Agent86\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin HKU\S-1-5-21-2993030579-955168000-2236405169-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Agent86\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: Xmarks - C:\Users\Agent86\AppData\Roaming\Mozilla\Firefox\Profiles\bshy3bmp.default\Extensions\foxmarks@kei.com [2014-11-22]
FF Extension: Super Web Accelerator ! - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\firefox [2014-12-22]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-01-31]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-09]

Chrome:
=======
CHR Profile: C:\Users\Agent86\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-01-09]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-09]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-12-18] (Perfect World Entertainment Inc)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-09] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2015-01-09] (Avast Software)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242912 2014-09-11] (Foxit Software Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-12] (NVIDIA Corporation)
R2 iRacingService; C:\Program Files (x86)\iRacing\iRacingService.exe [798840 2015-01-08] (iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-12] (NVIDIA Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [34640 2012-08-09] (ASRock Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-09] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-01-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-09] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-09] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-09] ()
R3 DroidCam; C:\Windows\System32\DRIVERS\droidcam.sys [33080 2014-12-25] (Dev47Apps)
R3 DroidCamVideo; C:\Windows\System32\DRIVERS\droidcamvideo.sys [228408 2014-12-25] (Dev47Apps)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 PSMNBUS; C:\Windows\System32\DRIVERS\PSMNBUS.sys [102784 2011-10-07] (DEVGURU Co., LTD.)
S3 PSMNMDM; C:\Windows\System32\DRIVERS\PSMNMDM.sys [183680 2011-10-07] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PSMNMDMVSP; C:\Windows\System32\DRIVERS\PSMNMDMVSP.sys [183808 2011-10-07] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PSMNMSMVSP; C:\Windows\System32\DRIVERS\PSMNMSMVSP.sys [183808 2011-10-07] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PSMNNET61; C:\Windows\System32\DRIVERS\PSMNNET61.sys [113408 2011-10-07] (DEVGURU Co., LTD.)
S3 PSMNRMNET; C:\Windows\System32\DRIVERS\PSMNRMNET.sys [63744 2011-10-07] (DEVGURU Co., LTD.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2015-01-09] (Avast Software)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MFE_RR; \??\C:\Users\Agent86\AppData\Local\Temp\mfe_rr.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
U2 TMAgent; No ImagePath
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-15 15:47 - 2015-01-15 15:47 - 02125312 _____ (Farbar) C:\Users\Agent86\Downloads\FRST64(2).exe
2015-01-15 15:34 - 2015-01-15 15:34 - 00000197 _____ () C:\Windows\system32\2015-01-15-20-34-01.065-AvastVBoxSVC.exe-4196.log
2015-01-14 16:24 - 2015-01-14 16:24 - 00000197 _____ () C:\Windows\system32\2015-01-14-21-24-15.062-AvastVBoxSVC.exe-3716.log
2015-01-14 16:20 - 2015-01-14 16:20 - 00000248 _____ () C:\Users\Agent86\Downloads\defogger_enable.log
2015-01-14 16:19 - 2015-01-14 16:19 - 00050477 _____ () C:\Users\Agent86\Downloads\Defogger(1).exe
2015-01-14 15:54 - 2015-01-14 15:54 - 00005163 _____ () C:\Users\Agent86\Documents\gmer_scan.log
2015-01-14 14:45 - 2015-01-14 14:45 - 00380416 _____ () C:\Users\Agent86\Downloads\vwq3bj8g.exe
2015-01-14 14:42 - 2015-01-14 14:42 - 00001069 _____ () C:\Users\Agent86\Documents\01-14-15.txt
2015-01-14 12:18 - 2015-01-14 12:18 - 00000197 _____ () C:\Windows\system32\2015-01-14-17-18-53.083-AvastVBoxSVC.exe-3176.log
2015-01-14 12:08 - 2015-01-14 12:08 - 00000197 _____ () C:\Windows\system32\2015-01-14-17-08-49.028-AvastVBoxSVC.exe-3048.log
2015-01-14 12:06 - 2015-01-14 12:16 - 00000624 _____ () C:\Windows\PFRO.log
2015-01-14 12:01 - 2015-01-14 12:15 - 00000000 ____D () C:\AdwCleaner
2015-01-14 12:01 - 2015-01-14 12:01 - 02191360 _____ () C:\Users\Agent86\Downloads\adwcleaner_4.107.exe
2015-01-14 11:22 - 2015-01-14 11:22 - 00000197 _____ () C:\Windows\system32\2015-01-14-16-22-16.007-AvastVBoxSVC.exe-3220.log
2015-01-14 11:19 - 2015-01-14 11:20 - 00000476 _____ () C:\Users\Agent86\Downloads\defogger_disable.log
2015-01-14 11:18 - 2015-01-14 11:19 - 00050477 _____ () C:\Users\Agent86\Downloads\Defogger.exe
2015-01-14 08:21 - 2015-01-14 08:21 - 00000197 _____ () C:\Windows\system32\2015-01-14-13-21-50.076-AvastVBoxSVC.exe-4060.log
2015-01-14 08:10 - 2014-12-12 19:47 - 00620176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-01-14 08:06 - 2014-12-13 05:08 - 32099472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-01-14 08:06 - 2014-12-13 05:08 - 25460552 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-01-14 08:06 - 2014-12-13 05:08 - 24764232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-01-14 08:06 - 2014-12-13 05:08 - 20465808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-01-14 08:06 - 2014-12-13 05:08 - 16040184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-01-14 08:06 - 2014-12-13 05:08 - 13288360 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-01-14 08:06 - 2014-12-13 05:08 - 13202520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-01-14 08:06 - 2014-12-13 05:08 - 10770120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-01-14 08:06 - 2014-12-13 05:08 - 10710160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-01-14 08:06 - 2014-12-13 05:08 - 10345280 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-01-14 08:06 - 2014-12-13 05:08 - 03610440 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-01-14 08:06 - 2014-12-13 05:08 - 03248968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-01-14 08:06 - 2014-12-13 05:08 - 01895056 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434709.dll
2015-01-14 08:06 - 2014-12-13 05:08 - 01556624 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434709.dll
2015-01-14 08:06 - 2014-12-13 05:08 - 00994384 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-01-14 08:06 - 2014-12-13 05:08 - 00968336 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-01-14 08:06 - 2014-12-13 05:08 - 00942400 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-01-14 08:06 - 2014-12-13 05:08 - 00928072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-01-14 08:06 - 2014-12-13 05:08 - 00906560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-01-14 08:06 - 2014-12-13 05:08 - 00876976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-01-14 08:06 - 2014-12-13 05:08 - 00496272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-01-14 08:06 - 2014-12-13 05:08 - 00399688 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-01-14 08:06 - 2014-12-13 05:08 - 00391488 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-01-14 08:06 - 2014-12-13 05:08 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-01-14 08:06 - 2014-12-13 05:08 - 00346944 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-01-14 08:06 - 2014-12-13 05:08 - 00306328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-01-14 08:06 - 2014-12-13 05:08 - 00178632 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-01-14 08:06 - 2014-12-13 05:08 - 00165760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-01-14 08:06 - 2014-10-09 12:02 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-01-14 08:06 - 2014-10-09 12:02 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-01-14 08:06 - 2014-10-09 02:17 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco64.dll
2015-01-14 08:02 - 2015-01-14 08:02 - 00000197 _____ () C:\Windows\system32\2015-01-14-13-02-02.064-AvastVBoxSVC.exe-2912.log
2015-01-13 17:07 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 17:07 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 17:07 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 17:07 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 17:07 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 17:07 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 17:07 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 17:07 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 17:07 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 17:07 - 2014-12-11 12:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 17:07 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 17:07 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 17:07 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 13:42 - 2015-01-13 13:42 - 00000197 _____ () C:\Windows\system32\2015-01-13-18-42-25.051-AvastVBoxSVC.exe-3028.log
2015-01-12 13:22 - 2015-01-12 13:23 - 00000197 _____ () C:\Windows\system32\2015-01-12-18-22-42.075-AvastVBoxSVC.exe-4296.log
2015-01-11 09:30 - 2015-01-11 09:31 - 00000197 _____ () C:\Windows\system32\2015-01-11-14-30-58.063-AvastVBoxSVC.exe-4652.log
2015-01-10 09:14 - 2015-01-10 09:14 - 00000197 _____ () C:\Windows\system32\2015-01-10-14-14-13.021-AvastVBoxSVC.exe-1960.log
2015-01-09 15:56 - 2015-01-15 15:33 - 00003575 _____ () C:\Windows\setupact.log
2015-01-09 15:56 - 2015-01-09 15:56 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-09 15:29 - 2015-01-09 15:29 - 18467928 _____ () C:\Users\Agent86\Downloads\RogueKillerX64(1).exe
2015-01-09 15:25 - 2015-01-09 15:25 - 02124288 _____ (Farbar) C:\Users\Agent86\Downloads\FRST64(1).exe
2015-01-09 15:13 - 2015-01-09 15:13 - 00151050 _____ () C:\Users\Agent86\Documents\cc_20150109_151303.reg
2015-01-09 14:50 - 2015-01-09 14:50 - 00000247 _____ () C:\Windows\system32\2015-01-09-19-50-06.058-aswFe.exe-5204.log
2015-01-09 14:41 - 2015-01-09 14:50 - 00000247 _____ () C:\Windows\system32\2015-01-09-19-41-22.065-aswFe.exe-3144.log
2015-01-09 14:41 - 2015-01-09 14:41 - 00000197 _____ () C:\Windows\system32\2015-01-09-19-41-16.072-AvastVBoxSVC.exe-3900.log
2015-01-09 14:30 - 2015-01-09 14:30 - 00000000 ____D () C:\Users\Agent86\AppData\Roaming\AVAST Software
2015-01-09 14:28 - 2015-01-09 14:28 - 00001924 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-01-09 14:28 - 2015-01-09 14:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-01-09 14:27 - 2015-01-14 11:22 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-09 14:27 - 2015-01-09 14:28 - 00087912 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2015-01-09 14:27 - 2015-01-09 14:26 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-01-09 14:27 - 2015-01-09 14:26 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-01-09 14:27 - 2015-01-09 14:26 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-01-09 14:27 - 2015-01-09 14:26 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-01-09 14:27 - 2015-01-09 14:26 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-01-09 14:27 - 2015-01-09 14:26 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-01-09 14:26 - 2015-01-09 14:27 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-01-09 14:26 - 2015-01-09 14:26 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-01-09 14:26 - 2015-01-09 14:26 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-01-09 14:24 - 2015-01-09 14:24 - 00000000 ____D () C:\Program Files\AVAST Software
2015-01-09 14:22 - 2015-01-09 14:22 - 05006864 _____ (AVAST Software) C:\Users\Agent86\Downloads\avast_free_antivirus_setup_online.exe
2015-01-09 14:04 - 2015-01-09 14:04 - 00004490 _____ () C:\Users\Agent86\Documents\1-09-15.txt
2015-01-06 15:31 - 2015-01-06 15:31 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-12-31 22:32 - 2014-12-31 22:32 - 00000000 ____D () C:\Users\Public\Documents\Arc
2014-12-25 22:16 - 2014-12-25 22:16 - 00000000 ____D () C:\Users\Agent86\.gradle
2014-12-25 22:15 - 2014-12-25 22:15 - 00000000 ____D () C:\Users\Agent86\AndroidStudioProjects
2014-12-25 09:37 - 2014-12-25 11:05 - 00000022 _____ () C:\ProgramData\droidcam-settings
2014-12-25 09:16 - 2014-12-25 09:16 - 00001022 _____ () C:\Users\Agent86\Desktop\DroidCamApp.lnk
2014-12-25 09:16 - 2014-12-25 09:16 - 00000000 ____D () C:\Users\Agent86\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DroidCam
2014-12-25 09:14 - 2014-12-25 09:16 - 00000000 ____D () C:\Program Files (x86)\DroidCam
2014-12-25 09:14 - 2014-12-25 09:14 - 00228408 _____ (Dev47Apps) C:\Windows\system32\Drivers\droidcamvideo.sys
2014-12-25 09:14 - 2014-12-25 09:14 - 00033080 _____ (Dev47Apps) C:\Windows\system32\Drivers\droidcam.sys
2014-12-25 09:14 - 2014-12-25 09:14 - 00000000 ____D () C:\Users\Agent86\Downloads\DroidCam.Client.5.0.1
2014-12-25 09:11 - 2014-12-25 09:13 - 00871092 _____ () C:\Users\Agent86\Downloads\DroidCam.Client.5.0.1.zip
2014-12-22 21:29 - 2015-01-09 15:12 - 00000000 ____D () C:\Users\Agent86\AppData\Local\CrashDumps
2014-12-22 21:04 - 2014-12-22 21:04 - 00000222 _____ () C:\Users\Agent86\Desktop\Wargame AirLand Battle.url
2014-12-22 14:47 - 2014-12-22 14:47 - 00001067 _____ () C:\Users\Agent86\Documents\12-22current2.txt
2014-12-22 14:20 - 2014-12-22 14:20 - 00001306 _____ () C:\Users\Agent86\Documents\12-22current.txt
2014-12-22 13:23 - 2015-01-09 15:29 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-12-22 13:23 - 2014-12-22 13:23 - 18315864 _____ () C:\Users\Agent86\Downloads\RogueKillerX64.exe
2014-12-22 13:23 - 2014-12-22 13:23 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-12-22 13:21 - 2014-12-22 13:22 - 00028753 _____ () C:\Users\Agent86\Downloads\Addition.txt
2014-12-22 13:20 - 2015-01-15 15:48 - 00015471 _____ () C:\Users\Agent86\Downloads\FRST.txt
2014-12-22 13:20 - 2015-01-15 15:48 - 00000000 ____D () C:\FRST
2014-12-22 13:20 - 2014-12-22 13:20 - 02122240 _____ (Farbar) C:\Users\Agent86\Downloads\FRST64.exe
2014-12-22 10:21 - 2014-12-22 10:21 - 00008568 _____ () C:\Users\Agent86\Documents\12-22b.txt
2014-12-22 10:20 - 2014-12-22 10:20 - 00008568 _____ () C:\Users\Agent86\Documents\12-22a.txt
2014-12-22 10:15 - 2014-12-22 10:19 - 00008567 _____ () C:\Users\Agent86\Documents\12-20.txt
2014-12-22 09:01 - 2014-12-22 09:01 - 05292448 _____ (McAfee, Inc.) C:\Users\Agent86\Downloads\McAfeeSetup-AutoLogin.exe
2014-12-22 08:50 - 2015-01-09 14:06 - 00000000 ____D () C:\Users\Agent86\AppData\Roaming\jellylam
2014-12-22 08:50 - 2015-01-06 11:35 - 00000852 __RSH () C:\ProgramData\ntuser.pol
2014-12-22 08:46 - 2014-12-22 08:53 - 00000000 ____D () C:\ProgramData\Trend Micro
2014-12-22 08:45 - 2014-12-22 08:45 - 00000036 _____ () C:\Users\Agent86\AppData\Local\housecall.guid.cache
2014-12-22 08:34 - 2014-12-22 08:34 - 00000000 ____D () C:\Users\Agent86\AppData\Local\Trend Micro
2014-12-22 08:30 - 2014-12-22 08:30 - 06630224 _____ (Trend Micro Inc.) C:\Users\Agent86\Downloads\TrendMicro_TAV_8.0_US-en_Downloader.exe
2014-12-22 08:27 - 2014-12-22 08:27 - 00002611 _____ () C:\Users\Agent86\.recently-used.xbel
2014-12-22 07:33 - 2014-12-22 07:33 - 00000197 _____ () C:\Windows\system32\2014-12-22-12-33-32.088-AvastVBoxSVC.exe-972.log
2014-12-21 21:20 - 2014-12-21 21:20 - 00000197 _____ () C:\Windows\system32\2014-12-22-02-20-00.083-AvastVBoxSVC.exe-4040.log
2014-12-21 21:15 - 2014-12-21 21:15 - 00012112 _____ () C:\Users\Agent86\Documents\cc_20141221_211509.reg
2014-12-21 10:43 - 2014-12-21 10:43 - 00000197 _____ () C:\Windows\system32\2014-12-21-15-43-13.079-AvastVBoxSVC.exe-4340.log
2014-12-21 10:17 - 2014-12-21 10:17 - 00000197 _____ () C:\Windows\system32\2014-12-21-15-17-34.095-AvastVBoxSVC.exe-4348.log
2014-12-21 09:19 - 2014-12-21 09:19 - 00000197 _____ () C:\Windows\system32\2014-12-21-14-19-02.016-AvastVBoxSVC.exe-2856.log
2014-12-20 20:56 - 2014-12-20 20:56 - 00000197 _____ () C:\Windows\system32\2014-12-21-01-56-37.038-AvastVBoxSVC.exe-3132.log
2014-12-20 20:50 - 2014-12-20 20:50 - 00016206 _____ () C:\Users\Agent86\Documents\cc_20141220_205017.reg
2014-12-20 20:49 - 2014-12-20 20:49 - 00174110 _____ () C:\Users\Agent86\Documents\cc_20141220_204938.reg
2014-12-20 20:42 - 2014-12-20 20:42 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-12-20 20:42 - 2014-12-20 20:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-12-20 20:42 - 2014-12-20 20:42 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-20 19:51 - 2014-12-20 19:51 - 00000247 _____ () C:\Windows\system32\2014-12-21-00-51-38.060-aswFe.exe-5896.log
2014-12-20 19:45 - 2014-12-20 19:51 - 00000247 _____ () C:\Windows\system32\2014-12-21-00-45-10.049-aswFe.exe-4200.log
2014-12-20 19:45 - 2014-12-20 19:45 - 00000197 _____ () C:\Windows\system32\2014-12-21-00-45-02.057-AvastVBoxSVC.exe-6016.log
2014-12-20 19:35 - 2014-12-20 19:35 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2014-12-20 19:35 - 2014-12-20 19:35 - 00000000 ____D () C:\Windows\system32\vbox
2014-12-20 19:33 - 2014-12-20 19:34 - 00000000 ____D () C:\NPE
2014-12-20 19:29 - 2014-12-20 20:32 - 00000000 ____D () C:\Users\Agent86\AppData\Local\NPE
2014-12-20 19:29 - 2014-12-20 19:29 - 00000000 ____D () C:\ProgramData\Norton
2014-12-20 18:40 - 2015-01-14 12:20 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-20 18:39 - 2014-12-20 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-20 18:39 - 2014-12-20 18:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-20 18:39 - 2014-12-20 18:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-20 18:39 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-20 18:39 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-20 18:39 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-19 19:08 - 2014-12-22 08:42 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-19 19:08 - 2014-12-22 08:42 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-12-19 07:45 - 2014-12-19 07:45 - 00000000 ____D () C:\.Trash-1000
2014-12-18 23:06 - 2014-12-18 23:06 - 00013821 _____ () C:\Windows\system32\PSMNsetup_20141218.log
2014-12-18 20:55 - 2014-12-18 20:55 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_PSMNNET61_01009.Wdf
2014-12-18 20:52 - 2014-12-18 20:52 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUSB_01009.Wdf
2014-12-18 20:52 - 2014-12-18 20:52 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_PSMNRMNET_01009.Wdf
2014-12-18 18:32 - 2015-01-06 11:35 - 00003764 _____ () C:\Windows\System32\Tasks\Convertor
2014-12-18 18:32 - 2015-01-06 11:35 - 00003280 _____ () C:\Windows\System32\Tasks\Winsta Update
2014-12-18 18:32 - 2015-01-06 11:35 - 00000000 ____D () C:\Program Files (x86)\Winsta
2014-12-18 18:32 - 2014-12-18 18:32 - 00000376 _____ () C:\Users\Agent86\AppData\Local\VC2MmUT.vbs
2014-12-18 18:32 - 2014-12-18 18:32 - 00000000 ____D () C:\Users\Agent86\AppData\Roaming\PDFConvert
2014-12-18 18:32 - 2014-12-18 18:32 - 00000000 ____D () C:\Program Files (x86)\Convertor
2014-12-18 17:06 - 2014-12-18 20:05 - 00000000 ____D () C:\Users\Agent86\.android
2014-12-18 17:06 - 2014-12-18 17:06 - 00000000 ____D () C:\Users\Agent86\AppData\Roaming\JetBrains
2014-12-18 17:06 - 2014-12-18 17:06 - 00000000 ____D () C:\Users\Agent86\.AndroidStudio
2014-12-18 17:06 - 2014-12-18 17:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Studio
2014-12-18 17:01 - 2014-12-18 17:01 - 00000000 ____D () C:\Users\Agent86\AppData\Local\Android
2014-12-18 17:00 - 2014-12-18 17:00 - 00000000 ____D () C:\Program Files\Android
2014-12-18 16:57 - 2014-12-18 16:57 - 00000000 ____D () C:\Users\Agent86\.jmc
2014-12-18 16:55 - 2014-12-18 16:55 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-12-18 16:55 - 2014-12-18 16:55 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-12-18 16:55 - 2014-12-18 16:55 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-12-18 16:55 - 2014-12-18 16:55 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-12-18 16:55 - 2014-12-18 16:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2014-12-18 16:54 - 2014-12-18 16:55 - 00000000 ____D () C:\Program Files\Java
2014-12-18 15:33 - 2014-12-13 00:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 15:33 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-17 08:21 - 2014-11-22 05:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-12-17 08:21 - 2014-11-22 05:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-15 15:46 - 2013-05-25 04:43 - 01176703 _____ () C:\Windows\WindowsUpdate.log
2015-01-15 15:42 - 2013-08-14 20:15 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 15:42 - 2013-05-25 10:54 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-15 15:41 - 2009-07-13 23:45 - 00020880 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-15 15:41 - 2009-07-13 23:45 - 00020880 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-15 15:36 - 2013-05-24 15:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-15 15:33 - 2013-05-24 14:06 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-15 15:33 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-14 21:27 - 2013-05-25 19:18 - 00000000 ____D () C:\Users\Agent86\AppData\Roaming\TS3Client
2015-01-14 16:20 - 2013-05-24 13:45 - 00000000 ____D () C:\Users\Agent86
2015-01-14 08:10 - 2013-05-24 14:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-01-14 08:02 - 2013-05-24 15:06 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-14 08:02 - 2013-05-24 15:06 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-14 08:02 - 2013-05-24 15:06 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-09 15:12 - 2014-05-02 11:55 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-09 14:24 - 2013-05-24 15:20 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-09 14:20 - 2013-05-24 14:07 - 00000000 ____D () C:\ProgramData\McAfee
2015-01-09 14:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Web
2015-01-08 20:24 - 2014-09-06 13:10 - 00000000 ____D () C:\Program Files (x86)\iRacing
2015-01-06 11:30 - 2009-07-14 00:08 - 00032618 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-06 04:36 - 2013-05-24 14:26 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-31 22:32 - 2014-02-15 19:46 - 00000000 ____D () C:\Users\Agent86\AppData\Roaming\Arc
2014-12-26 21:29 - 2013-10-18 16:23 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-26 21:29 - 2013-06-22 19:27 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-25 10:49 - 2014-11-19 13:38 - 00000000 ___RD () C:\Users\Agent86\Dropbox
2014-12-25 09:37 - 2009-07-14 00:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-25 09:26 - 2014-11-19 13:36 - 00000000 ____D () C:\Users\Agent86\AppData\Roaming\Dropbox
2014-12-22 21:27 - 2013-06-10 16:18 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-22 21:04 - 2014-05-02 13:26 - 00000000 ____D () C:\Users\Agent86\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-12-22 14:21 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Speech
2014-12-22 08:50 - 2014-12-02 14:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-21 15:56 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-12-20 20:47 - 2013-05-25 05:38 - 00000000 ____D () C:\Windows\Panther
2014-12-20 20:36 - 2014-08-09 11:58 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-12-20 20:35 - 2013-09-30 14:10 - 00000000 ____D () C:\Program Files (x86)\Pantech
2014-12-20 20:35 - 2013-05-24 13:59 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-18 21:49 - 2014-11-19 13:38 - 00001025 _____ () C:\Users\Agent86\Desktop\Dropbox.lnk
2014-12-18 21:49 - 2014-11-19 13:37 - 00000000 ____D () C:\Users\Agent86\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-18 15:34 - 2013-09-30 14:11 - 00000000 ____D () C:\Users\Public\Documents\Pantech
2014-12-17 21:02 - 2013-06-04 17:39 - 00000000 ____D () C:\Program Files (x86)\War Thunder
2014-12-17 12:33 - 2013-09-08 18:31 - 00000000 ____D () C:\Program Files (x86)\OANDA - MetaTrader
2014-12-17 09:08 - 2014-03-24 09:40 - 04441216 _____ (MetaQuotes Software Corp.) C:\Windows\system32\MetaViewer64.dll
2014-12-17 08:19 - 2014-09-08 15:20 - 00000000 ____D () C:\Users\Agent86\AppData\Local\Adobe

Some content of TEMP:
====================
C:\Users\Agent86\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Agent86\AppData\Local\Temp\mccspuninstall.exe
C:\Users\Agent86\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Agent86\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Agent86\AppData\Local\Temp\nvStInst.exe
C:\Users\Agent86\AppData\Local\Temp\Quarantine.exe
C:\Users\Agent86\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 15:19

==================== End Of Log ============================


Hi,

 

1. Download RKill and save it to your Desktop.

  • Right-click RKill.exe and select Run as Administrator....
  • If a Windows Security prompt shows up, please allow the program to start.
  • The program will start immediately with its tasks. When the program has finished, a logfile will appear.
    Please copy the contents of this logfile in your next reply.

 

2. Please download fixlist.txt to your Desktop.

  • Please make sure to put fixlist.txt in the same location as where FRST.exe/FRST64.exe is located!

 
3. Start Farbar Recovery Scan Tool by right-clicking it and selecting Run as Administrator.
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called fixlog.txt. Please include this logfile in your next reply.

 

4. Please delete fixlist.txt from your PC. (Important !!)

 

5. Start Malwarebytes' Anti-Malware.

  • On the Dashboard tab, click the Update Now button, to update the definitions to the latest version.
  • Then click the Scan tab. Select Custom Scan and click the Start Scan button.
  • In the window that appears, check the box next to Scan for Rootkits. Also, select all drives, except for CD/DVD-drives. After you have done this, click Start Scan.
  • Follow the instructions given by Malwarebytes' Anti-Malware.
  • If any items were found during the scan process, Malwarebytes' Anti-Malware will ask you what you want to do with those items. Please quarantine all items.
  • It's possible the program asks you for permission to restart the computer. If so, please allow MBAM to do so immediately.
  • Save the logfile in txt-format and copy/paste it in your next reply.
  • Note: If you can't find the logfile, look at the "History" tab. Select the most recent logfile (you can see the creation date in the log's title).

 
6. Reboot your computer. (Important!!)
 
7. Start Farbar Recovery Scan Tool
  • If asked, click Yes at the Disclaimer window.
  • Click Scan once the program has opened.
  • It will create a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

 

8. Please give me an update on your PC problems and also please include the logfiles from:

  • RKill
  • Farbar Recovery Scan Tool - using fixlist.txt
  • Malwarebytes' Anti-Malware
  • Farbar Recovery Scan Tool - regular scan

 

Good luck! :)
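
A small triage script for the fixlog.txt that step 3 asks for, added here as an example (it is not part of the original post and not FRST's own code). It assumes the fixlog layout seen in this thread: the fixlist echoed between two rows of asterisks, then one result line per action. The sample log is constructed, and `parse_fixlog`, `classify` and `follow_up` are hypothetical names.

```python
import re

# Constructed sample in the layout of an FRST fixlog; every name and path is a placeholder.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 00-00-0000
Ran by ExampleUser at 2015-01-01 10:00:00 Run:1
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\...\Policies\Explorer: [NoControlPanel] 0
FF SelectedSearchEngine: Example Search
S3 ExampleSvc; \??\C:\Users\ExampleUser\AppData\Local\Temp\example.sys [X]
FF Extension: Example Addon - C:\Example\bundle [2015-01-01]
C:\Users\ExampleUser\AppData\Local\Temp\example.sys
C:\Example\bundle [2015-01-01]
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
ExampleSvc => Service deleted successfully.
C:\Example\bundle => Moved successfully.
"C:\Users\ExampleUser\AppData\Local\Temp\example.sys" => File/Directory not found.
"C:\Example\bundle [2015-01-01]" => File/Directory not found.


The system needed a reboot.

==== End of Fixlog 10:00:00 ====
"""

DELIM = re.compile(r"^\*{5,}$")                           # rows of asterisks around the fixlist
NO_ARROW = re.compile(r"^(.*?)\s+(\S+ successfully)\.?$")  # result lines written without "=>"
DATE_TAG = re.compile(r"\s*\[\d{4}-\d{2}-\d{2}\]$")        # trailing "[YYYY-MM-DD]" copied from a scan line


def classify(results):
    """Attach a status to each result: applied, not_found, already_handled or review."""
    applied = {r["target"].lower() for r in results
               if r["outcome"].lower().endswith("successfully")}
    for r in results:
        low = r["outcome"].lower()
        if low.endswith("successfully"):
            r["status"] = "applied"
        elif "not found" in low:
            # Heuristic (an assumption of this example): a missing path that matches an
            # already applied target once its date tag is dropped needs no further action.
            bare = DATE_TAG.sub("", r["target"]).lower()
            r["status"] = "already_handled" if bare in applied else "not_found"
        else:
            r["status"] = "review"


def parse_fixlog(text):
    """Split a fixlog into the echoed fixlist, the per-action results and the run flags."""
    lines = [ln.strip() for ln in text.splitlines()]
    marks = [i for i, ln in enumerate(lines) if DELIM.match(ln)]
    if len(marks) < 2:
        raise ValueError("fixlist delimiters missing: not a complete fixlog")
    parsed = {
        "fixlist": [ln for ln in lines[marks[0] + 1:marks[1]] if ln],
        "results": [],
        "reboot_needed": False,
        "complete": False,   # True only when the closing "End of Fixlog" line is present
    }
    for ln in lines[marks[1] + 1:]:
        if not ln:
            continue
        if ln.startswith("==== End of Fixlog"):
            parsed["complete"] = True
            break
        if ln.lower().startswith("the system needed a reboot"):
            parsed["reboot_needed"] = True
            continue
        if "=>" in ln:
            target, outcome = ln.rsplit("=>", 1)
        else:
            m = NO_ARROW.match(ln)
            target, outcome = m.groups() if m else (ln, "")
        parsed["results"].append({
            "target": target.strip().strip('"'),
            "outcome": outcome.strip().rstrip("."),
        })
    classify(parsed["results"])
    return parsed


def follow_up(parsed):
    """Targets worth a second look: genuinely missing items and unrecognised outcomes."""
    return [r["target"] for r in parsed["results"]
            if r["status"] in ("not_found", "review")]


if __name__ == "__main__":
    log = parse_fixlog(SAMPLE_FIXLOG)
    for r in log["results"]:
        print(f'{r["status"]:<16}{r["target"]}')
    print("reboot needed:", log["reboot_needed"], "| log complete:", log["complete"])
    print("follow up:", follow_up(log))
```
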


I will rerun the Farbar, but for some reason once the scan is done it just exits and does not seem to actually produce any screens.
 

Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/16/2015 09:06:11 AM in x64 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 01/16/2015 09:08:14 AM
Execution time: 0 hours(s), 2 minute(s), and 2 seconds(s)

 


 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-01-2015 01
Ran by Agent86 at 2015-01-16 09:14:56 Run:1
Running from C:\Users\Agent86\Desktop
Loaded Profiles: Agent86 (Available profiles: Agent86)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Secure Search
S3 MFE_RR; \??\C:\Users\Agent86\AppData\Local\Temp\mfe_rr.sys [X]
U2 TMAgent; No ImagePath
FF Extension: Super Web Accelerator ! - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\firefox [2014-12-22]
C:\Users\Agent86\AppData\Local\Temp\mfe_rr.sys
C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\firefox [2014-12-22]
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
MFE_RR => Service deleted successfully.
TMAgent => Service deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\firefox => Moved successfully.
"C:\Users\Agent86\AppData\Local\Temp\mfe_rr.sys" => File/Directory not found.
"C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\firefox [2014-12-22]" => File/Directory not found.


The system needed a reboot.

==== End of Fixlog 09:14:56 ====

 

Farbar seemed to produce 2 .txt files at the end of its scan; I can't remember which scan this was.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2015 01
Ran by Agent86 (administrator) on AGENT86-PC on 16-01-2015 09:12:42
Running from C:\Users\Agent86\Desktop
Loaded Profiles: Agent86 (Available profiles: Agent86)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730) C:\Program Files (x86)\iRacing\iRacingService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files (x86)\Gaming Mouse\hid.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
() C:\Program Files (x86)\Gaming Mouse\trayicon.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11855976 2011-05-18] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [GamingMouse] => C:\Program Files (x86)\Gaming Mouse\hid.exe [262656 2013-04-11] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-09] (AVAST Software)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2993030579-955168000-2236405169-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-25] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2993030579-955168000-2236405169-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://192.168.1.6/
HKU\S-1-5-21-2993030579-955168000-2236405169-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2993030579-955168000-2236405169-1000 -> DefaultScope {2AAC893C-3A01-41CA-BBD9-D721BFDCA843} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US0D20141222&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-2993030579-955168000-2236405169-1000 -> {2AAC893C-3A01-41CA-BBD9-D721BFDCA843} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US0D20141222&p={SearchTerms}
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {D9305048-DD6B-4EDF-8706-096EBE24E1D7} http://192.168.1.6/IPCWeb.cab
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Agent86\AppData\Roaming\Mozilla\Firefox\Profiles\bshy3bmp.default
FF DefaultSearchEngine: Bing
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Secure Search
FF Homepage: my.yahoo.com
FF Keyword.URL: https://search.yahoo.com/search?fr=mcafee&type=B111US0D20141222&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Agent86\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin HKU\S-1-5-21-2993030579-955168000-2236405169-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Agent86\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: Xmarks - C:\Users\Agent86\AppData\Roaming\Mozilla\Firefox\Profiles\bshy3bmp.default\Extensions\foxmarks@kei.com [2014-11-22]
FF Extension: Super Web Accelerator ! - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\firefox [2014-12-22]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-01-31]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-09]

Chrome:
=======
CHR Profile: C:\Users\Agent86\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-01-09]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-09]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-12-18] (Perfect World Entertainment Inc)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-09] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2015-01-09] (Avast Software)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242912 2014-09-11] (Foxit Software Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-12] (NVIDIA Corporation)
R2 iRacingService; C:\Program Files (x86)\iRacing\iRacingService.exe [798840 2015-01-08] (iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-12] (NVIDIA Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [34640 2012-08-09] (ASRock Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-09] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-01-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-09] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-09] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-09] ()
R3 DroidCam; C:\Windows\System32\DRIVERS\droidcam.sys [33080 2014-12-25] (Dev47Apps)
R3 DroidCamVideo; C:\Windows\System32\DRIVERS\droidcamvideo.sys [228408 2014-12-25] (Dev47Apps)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 PSMNBUS; C:\Windows\System32\DRIVERS\PSMNBUS.sys [102784 2011-10-07] (DEVGURU Co., LTD.)
S3 PSMNMDM; C:\Windows\System32\DRIVERS\PSMNMDM.sys [183680 2011-10-07] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PSMNMDMVSP; C:\Windows\System32\DRIVERS\PSMNMDMVSP.sys [183808 2011-10-07] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PSMNMSMVSP; C:\Windows\System32\DRIVERS\PSMNMSMVSP.sys [183808 2011-10-07] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PSMNNET61; C:\Windows\System32\DRIVERS\PSMNNET61.sys [113408 2011-10-07] (DEVGURU Co., LTD.)
S3 PSMNRMNET; C:\Windows\System32\DRIVERS\PSMNRMNET.sys [63744 2011-10-07] (DEVGURU Co., LTD.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2015-01-09] (Avast Software)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MFE_RR; \??\C:\Users\Agent86\AppData\Local\Temp\mfe_rr.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
U2 TMAgent; No ImagePath
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 09:12 - 2015-01-16 09:12 - 00015236 _____ () C:\Users\Agent86\Desktop\FRST.txt
2015-01-16 09:12 - 2015-01-16 09:12 - 00000000 ____D () C:\Users\Agent86\Desktop\FRST-OlderVersion
2015-01-16 09:06 - 2015-01-16 09:08 - 00002030 _____ () C:\Users\Agent86\Desktop\Rkill.txt
2015-01-16 09:05 - 2015-01-16 09:05 - 00000658 _____ () C:\Users\Agent86\Desktop\fixlist.txt
2015-01-16 09:04 - 2015-01-14 11:19 - 00050477 _____ () C:\Users\Agent86\Desktop\Defogger.exe
2015-01-16 09:03 - 2015-01-16 09:12 - 02125312 _____ (Farbar) C:\Users\Agent86\Desktop\FRST64.exe
2015-01-16 09:03 - 2015-01-16 08:53 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Agent86\Desktop\rkill.exe
2015-01-16 08:53 - 2015-01-16 08:53 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Agent86\Downloads\rkill.exe
2015-01-16 07:50 - 2015-01-16 07:50 - 00000197 _____ () C:\Windows\system32\2015-01-16-12-50-08.033-AvastVBoxSVC.exe-3136.log
2015-01-15 15:34 - 2015-01-15 15:34 - 00000197 _____ () C:\Windows\system32\2015-01-15-20-34-01.065-AvastVBoxSVC.exe-4196.log
2015-01-14 16:24 - 2015-01-14 16:24 - 00000197 _____ () C:\Windows\system32\2015-01-14-21-24-15.062-AvastVBoxSVC.exe-3716.log
2015-01-14 15:54 - 2015-01-14 15:54 - 00005163 _____ () C:\Users\Agent86\Documents\gmer_scan.log
2015-01-14 14:45 - 2015-01-14 14:45 - 00380416 _____ () C:\Users\Agent86\Downloads\vwq3bj8g.exe
2015-01-14 12:18 - 2015-01-14 12:18 - 00000197 _____ () C:\Windows\system32\2015-01-14-17-18-53.083-AvastVBoxSVC.exe-3176.log
2015-01-14 12:08 - 2015-01-14 12:08 - 00000197 _____ () C:\Windows\system32\2015-01-14-17-08-49.028-AvastVBoxSVC.exe-3048.log
2015-01-14 12:06 - 2015-01-14 12:16 - 00000624 _____ () C:\Windows\PFRO.log
2015-01-14 12:01 - 2015-01-14 12:15 - 00000000 ____D () C:\AdwCleaner
2015-01-14 12:01 - 2015-01-14 12:01 - 02191360 _____ () C:\Users\Agent86\Downloads\adwcleaner_4.107.exe
2015-01-14 11:22 - 2015-01-14 11:22 - 00000197 _____ () C:\Windows\system32\2015-01-14-16-22-16.007-AvastVBoxSVC.exe-3220.log
2015-01-14 11:18 - 2015-01-14 11:19 - 00050477 _____ () C:\Users\Agent86\Downloads\Defogger.exe
2015-01-14 08:21 - 2015-01-14 08:21 - 00000197 _____ () C:\Windows\system32\2015-01-14-13-21-50.076-AvastVBoxSVC.exe-4060.log
2015-01-14 08:10 - 2014-12-12 19:47 - 00620176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-01-14 08:06 - 2014-12-13 05:08 - 32099472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-01-14 08:06 - 2014-12-13 05:08 - 25460552 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-01-14 08:06 - 2014-12-13 05:08 - 24764232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-01-14 08:06 - 2014-12-13 05:08 - 20465808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-01-14 08:06 - 2014-12-13 05:08 - 16040184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-01-14 08:06 - 2014-12-13 05:08 - 13288360 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-01-14 08:06 - 2014-12-13 05:08 - 13202520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-01-14 08:06 - 2014-12-13 05:08 - 10770120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-01-14 08:06 - 2014-12-13 05:08 - 10710160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-01-14 08:06 - 2014-12-13 05:08 - 10345280 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-01-14 08:06 - 2014-12-13 05:08 - 03610440 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-01-14 08:06 - 2014-12-13 05:08 - 03248968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-01-14 08:06 - 2014-12-13 05:08 - 01895056 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434709.dll
2015-01-14 08:06 - 2014-12-13 05:08 - 01556624 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434709.dll
2015-01-14 08:06 - 2014-12-13 05:08 - 00994384 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-01-14 08:06 - 2014-12-13 05:08 - 00968336 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-01-14 08:06 - 2014-12-13 05:08 - 00942400 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-01-14 08:06 - 2014-12-13 05:08 - 00928072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-01-14 08:06 - 2014-12-13 05:08 - 00906560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-01-14 08:06 - 2014-12-13 05:08 - 00876976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-01-14 08:06 - 2014-12-13 05:08 - 00496272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-01-14 08:06 - 2014-12-13 05:08 - 00399688 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-01-14 08:06 - 2014-12-13 05:08 - 00391488 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-01-14 08:06 - 2014-12-13 05:08 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-01-14 08:06 - 2014-12-13 05:08 - 00346944 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-01-14 08:06 - 2014-12-13 05:08 - 00306328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-01-14 08:06 - 2014-12-13 05:08 - 00178632 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-01-14 08:06 - 2014-12-13 05:08 - 00165760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-01-14 08:06 - 2014-10-09 12:02 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-01-14 08:06 - 2014-10-09 12:02 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-01-14 08:06 - 2014-10-09 02:17 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco64.dll
2015-01-14 08:02 - 2015-01-14 08:02 - 00000197 _____ () C:\Windows\system32\2015-01-14-13-02-02.064-AvastVBoxSVC.exe-2912.log
2015-01-13 17:07 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 17:07 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 17:07 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 17:07 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 17:07 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 17:07 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 17:07 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 17:07 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 17:07 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 17:07 - 2014-12-11 12:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 17:07 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 17:07 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 17:07 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 13:42 - 2015-01-13 13:42 - 00000197 _____ () C:\Windows\system32\2015-01-13-18-42-25.051-AvastVBoxSVC.exe-3028.log
2015-01-12 13:22 - 2015-01-12 13:23 - 00000197 _____ () C:\Windows\system32\2015-01-12-18-22-42.075-AvastVBoxSVC.exe-4296.log
2015-01-11 09:30 - 2015-01-11 09:31 - 00000197 _____ () C:\Windows\system32\2015-01-11-14-30-58.063-AvastVBoxSVC.exe-4652.log
2015-01-10 09:14 - 2015-01-10 09:14 - 00000197 _____ () C:\Windows\system32\2015-01-10-14-14-13.021-AvastVBoxSVC.exe-1960.log
2015-01-09 15:56 - 2015-01-16 07:49 - 00003855 _____ () C:\Windows\setupact.log
2015-01-09 15:56 - 2015-01-09 15:56 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-09 14:50 - 2015-01-09 14:50 - 00000247 _____ () C:\Windows\system32\2015-01-09-19-50-06.058-aswFe.exe-5204.log
2015-01-09 14:41 - 2015-01-09 14:50 - 00000247 _____ () C:\Windows\system32\2015-01-09-19-41-22.065-aswFe.exe-3144.log
2015-01-09 14:41 - 2015-01-09 14:41 - 00000197 _____ () C:\Windows\system32\2015-01-09-19-41-16.072-AvastVBoxSVC.exe-3900.log
2015-01-09 14:30 - 2015-01-09 14:30 - 00000000 ____D () C:\Users\Agent86\AppData\Roaming\AVAST Software
2015-01-09 14:28 - 2015-01-09 14:28 - 00001924 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-01-09 14:28 - 2015-01-09 14:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-01-09 14:27 - 2015-01-16 07:50 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-09 14:27 - 2015-01-09 14:28 - 00087912 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2015-01-09 14:27 - 2015-01-09 14:26 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-01-09 14:27 - 2015-01-09 14:26 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-01-09 14:27 - 2015-01-09 14:26 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-01-09 14:27 - 2015-01-09 14:26 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-01-09 14:27 - 2015-01-09 14:26 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-01-09 14:27 - 2015-01-09 14:26 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-01-09 14:26 - 2015-01-09 14:27 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-01-09 14:26 - 2015-01-09 14:26 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-01-09 14:26 - 2015-01-09 14:26 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-01-09 14:24 - 2015-01-09 14:24 - 00000000 ____D () C:\Program Files\AVAST Software
2015-01-09 14:22 - 2015-01-09 14:22 - 05006864 _____ (AVAST Software) C:\Users\Agent86\Downloads\avast_free_antivirus_setup_online.exe
2015-01-06 15:31 - 2015-01-06 15:31 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-12-31 22:32 - 2014-12-31 22:32 - 00000000 ____D () C:\Users\Public\Documents\Arc
2014-12-25 22:16 - 2014-12-25 22:16 - 00000000 ____D () C:\Users\Agent86\.gradle
2014-12-25 22:15 - 2014-12-25 22:15 - 00000000 ____D () C:\Users\Agent86\AndroidStudioProjects
2014-12-25 09:37 - 2014-12-25 11:05 - 00000022 _____ () C:\ProgramData\droidcam-settings
2014-12-25 09:16 - 2014-12-25 09:16 - 00001022 _____ () C:\Users\Agent86\Desktop\DroidCamApp.lnk
2014-12-25 09:16 - 2014-12-25 09:16 - 00000000 ____D () C:\Users\Agent86\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DroidCam
2014-12-25 09:14 - 2014-12-25 09:16 - 00000000 ____D () C:\Program Files (x86)\DroidCam
2014-12-25 09:14 - 2014-12-25 09:14 - 00228408 _____ (Dev47Apps) C:\Windows\system32\Drivers\droidcamvideo.sys
2014-12-25 09:14 - 2014-12-25 09:14 - 00033080 _____ (Dev47Apps) C:\Windows\system32\Drivers\droidcam.sys
2014-12-25 09:14 - 2014-12-25 09:14 - 00000000 ____D () C:\Users\Agent86\Downloads\DroidCam.Client.5.0.1
2014-12-25 09:11 - 2014-12-25 09:13 - 00871092 _____ () C:\Users\Agent86\Downloads\DroidCam.Client.5.0.1.zip
2014-12-22 21:29 - 2015-01-09 15:12 - 00000000 ____D () C:\Users\Agent86\AppData\Local\CrashDumps
2014-12-22 21:04 - 2014-12-22 21:04 - 00000222 _____ () C:\Users\Agent86\Desktop\Wargame AirLand Battle.url
2014-12-22 13:23 - 2015-01-09 15:29 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-12-22 13:23 - 2014-12-22 13:23 - 18315864 _____ () C:\Users\Agent86\Downloads\RogueKillerX64.exe
2014-12-22 13:23 - 2014-12-22 13:23 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-12-22 13:20 - 2015-01-16 09:12 - 00000000 ____D () C:\FRST
2014-12-22 13:20 - 2014-12-22 13:20 - 02122240 _____ (Farbar) C:\Users\Agent86\Downloads\FRST64.exe
2014-12-22 09:01 - 2014-12-22 09:01 - 05292448 _____ (McAfee, Inc.) C:\Users\Agent86\Downloads\McAfeeSetup-AutoLogin.exe
2014-12-22 08:50 - 2015-01-09 14:06 - 00000000 ____D () C:\Users\Agent86\AppData\Roaming\jellylam
2014-12-22 08:50 - 2015-01-06 11:35 - 00000852 __RSH () C:\ProgramData\ntuser.pol
2014-12-22 08:46 - 2014-12-22 08:53 - 00000000 ____D () C:\ProgramData\Trend Micro
2014-12-22 08:45 - 2014-12-22 08:45 - 00000036 _____ () C:\Users\Agent86\AppData\Local\housecall.guid.cache
2014-12-22 08:34 - 2014-12-22 08:34 - 00000000 ____D () C:\Users\Agent86\AppData\Local\Trend Micro
2014-12-22 08:27 - 2014-12-22 08:27 - 00002611 _____ () C:\Users\Agent86\.recently-used.xbel
2014-12-22 07:33 - 2014-12-22 07:33 - 00000197 _____ () C:\Windows\system32\2014-12-22-12-33-32.088-AvastVBoxSVC.exe-972.log
2014-12-21 21:20 - 2014-12-21 21:20 - 00000197 _____ () C:\Windows\system32\2014-12-22-02-20-00.083-AvastVBoxSVC.exe-4040.log
2014-12-21 10:43 - 2014-12-21 10:43 - 00000197 _____ () C:\Windows\system32\2014-12-21-15-43-13.079-AvastVBoxSVC.exe-4340.log
2014-12-21 10:17 - 2014-12-21 10:17 - 00000197 _____ () C:\Windows\system32\2014-12-21-15-17-34.095-AvastVBoxSVC.exe-4348.log
2014-12-21 09:19 - 2014-12-21 09:19 - 00000197 _____ () C:\Windows\system32\2014-12-21-14-19-02.016-AvastVBoxSVC.exe-2856.log
2014-12-20 20:56 - 2014-12-20 20:56 - 00000197 _____ () C:\Windows\system32\2014-12-21-01-56-37.038-AvastVBoxSVC.exe-3132.log
2014-12-20 20:42 - 2014-12-20 20:42 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-12-20 20:42 - 2014-12-20 20:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-12-20 20:42 - 2014-12-20 20:42 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-20 19:51 - 2014-12-20 19:51 - 00000247 _____ () C:\Windows\system32\2014-12-21-00-51-38.060-aswFe.exe-5896.log
2014-12-20 19:45 - 2014-12-20 19:51 - 00000247 _____ () C:\Windows\system32\2014-12-21-00-45-10.049-aswFe.exe-4200.log
2014-12-20 19:45 - 2014-12-20 19:45 - 00000197 _____ () C:\Windows\system32\2014-12-21-00-45-02.057-AvastVBoxSVC.exe-6016.log
2014-12-20 19:35 - 2014-12-20 19:35 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2014-12-20 19:35 - 2014-12-20 19:35 - 00000000 ____D () C:\Windows\system32\vbox
2014-12-20 19:33 - 2014-12-20 19:34 - 00000000 ____D () C:\NPE
2014-12-20 19:29 - 2014-12-20 20:32 - 00000000 ____D () C:\Users\Agent86\AppData\Local\NPE
2014-12-20 19:29 - 2014-12-20 19:29 - 00000000 ____D () C:\ProgramData\Norton
2014-12-20 18:40 - 2015-01-14 12:20 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-20 18:39 - 2014-12-20 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-20 18:39 - 2014-12-20 18:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-20 18:39 - 2014-12-20 18:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-20 18:39 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-20 18:39 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-20 18:39 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-19 19:08 - 2014-12-22 08:42 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-19 19:08 - 2014-12-22 08:42 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-12-19 07:45 - 2014-12-19 07:45 - 00000000 ____D () C:\.Trash-1000
2014-12-18 23:06 - 2014-12-18 23:06 - 00013821 _____ () C:\Windows\system32\PSMNsetup_20141218.log
2014-12-18 20:55 - 2014-12-18 20:55 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_PSMNNET61_01009.Wdf
2014-12-18 20:52 - 2014-12-18 20:52 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUSB_01009.Wdf
2014-12-18 20:52 - 2014-12-18 20:52 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_PSMNRMNET_01009.Wdf
2014-12-18 18:32 - 2015-01-06 11:35 - 00003764 _____ () C:\Windows\System32\Tasks\Convertor
2014-12-18 18:32 - 2015-01-06 11:35 - 00003280 _____ () C:\Windows\System32\Tasks\Winsta Update
2014-12-18 18:32 - 2015-01-06 11:35 - 00000000 ____D () C:\Program Files (x86)\Winsta
2014-12-18 18:32 - 2014-12-18 18:32 - 00000376 _____ () C:\Users\Agent86\AppData\Local\VC2MmUT.vbs
2014-12-18 18:32 - 2014-12-18 18:32 - 00000000 ____D () C:\Users\Agent86\AppData\Roaming\PDFConvert
2014-12-18 18:32 - 2014-12-18 18:32 - 00000000 ____D () C:\Program Files (x86)\Convertor
2014-12-18 17:06 - 2014-12-18 20:05 - 00000000 ____D () C:\Users\Agent86\.android
2014-12-18 17:06 - 2014-12-18 17:06 - 00000000 ____D () C:\Users\Agent86\AppData\Roaming\JetBrains
2014-12-18 17:06 - 2014-12-18 17:06 - 00000000 ____D () C:\Users\Agent86\.AndroidStudio
2014-12-18 17:06 - 2014-12-18 17:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Studio
2014-12-18 17:01 - 2014-12-18 17:01 - 00000000 ____D () C:\Users\Agent86\AppData\Local\Android
2014-12-18 17:00 - 2014-12-18 17:00 - 00000000 ____D () C:\Program Files\Android
2014-12-18 16:57 - 2014-12-18 16:57 - 00000000 ____D () C:\Users\Agent86\.jmc
2014-12-18 16:55 - 2014-12-18 16:55 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-12-18 16:55 - 2014-12-18 16:55 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-12-18 16:55 - 2014-12-18 16:55 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-12-18 16:55 - 2014-12-18 16:55 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-12-18 16:55 - 2014-12-18 16:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2014-12-18 16:54 - 2014-12-18 16:55 - 00000000 ____D () C:\Program Files\Java
2014-12-18 15:33 - 2014-12-13 00:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 15:33 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-17 08:21 - 2014-11-22 05:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-12-17 08:21 - 2014-11-22 05:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 09:02 - 2013-05-25 04:43 - 01198019 _____ () C:\Windows\WindowsUpdate.log
2015-01-16 08:36 - 2013-05-24 15:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-16 07:57 - 2009-07-13 23:45 - 00020880 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-16 07:57 - 2009-07-13 23:45 - 00020880 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-16 07:49 - 2013-05-24 14:06 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-16 07:49 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-15 22:39 - 2013-05-25 19:18 - 00000000 ____D () C:\Users\Agent86\AppData\Roaming\TS3Client
2015-01-15 15:46 - 2013-08-14 20:15 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 15:42 - 2013-05-25 10:54 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 16:20 - 2013-05-24 13:45 - 00000000 ____D () C:\Users\Agent86
2015-01-14 08:10 - 2013-05-24 14:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-01-14 08:02 - 2013-05-24 15:06 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-14 08:02 - 2013-05-24 15:06 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-14 08:02 - 2013-05-24 15:06 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-09 15:12 - 2014-05-02 11:55 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-09 14:24 - 2013-05-24 15:20 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-09 14:20 - 2013-05-24 14:07 - 00000000 ____D () C:\ProgramData\McAfee
2015-01-09 14:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Web
2015-01-08 20:24 - 2014-09-06 13:10 - 00000000 ____D () C:\Program Files (x86)\iRacing
2015-01-06 11:30 - 2009-07-14 00:08 - 00032618 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-06 04:36 - 2013-05-24 14:26 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-31 22:32 - 2014-02-15 19:46 - 00000000 ____D () C:\Users\Agent86\AppData\Roaming\Arc
2014-12-26 21:29 - 2013-10-18 16:23 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-26 21:29 - 2013-06-22 19:27 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-25 10:49 - 2014-11-19 13:38 - 00000000 ___RD () C:\Users\Agent86\Dropbox
2014-12-25 09:37 - 2009-07-14 00:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-25 09:26 - 2014-11-19 13:36 - 00000000 ____D () C:\Users\Agent86\AppData\Roaming\Dropbox
2014-12-22 21:27 - 2013-06-10 16:18 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-22 21:04 - 2014-05-02 13:26 - 00000000 ____D () C:\Users\Agent86\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-12-22 14:21 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Speech
2014-12-22 08:50 - 2014-12-02 14:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-21 15:56 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-12-20 20:47 - 2013-05-25 05:38 - 00000000 ____D () C:\Windows\Panther
2014-12-20 20:36 - 2014-08-09 11:58 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-12-20 20:35 - 2013-09-30 14:10 - 00000000 ____D () C:\Program Files (x86)\Pantech
2014-12-20 20:35 - 2013-05-24 13:59 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-18 21:49 - 2014-11-19 13:38 - 00001025 _____ () C:\Users\Agent86\Desktop\Dropbox.lnk
2014-12-18 21:49 - 2014-11-19 13:37 - 00000000 ____D () C:\Users\Agent86\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-18 15:34 - 2013-09-30 14:11 - 00000000 ____D () C:\Users\Public\Documents\Pantech
2014-12-17 21:02 - 2013-06-04 17:39 - 00000000 ____D () C:\Program Files (x86)\War Thunder
2014-12-17 12:33 - 2013-09-08 18:31 - 00000000 ____D () C:\Program Files (x86)\OANDA - MetaTrader
2014-12-17 09:08 - 2014-03-24 09:40 - 04441216 _____ (MetaQuotes Software Corp.) C:\Windows\system32\MetaViewer64.dll
2014-12-17 08:19 - 2014-09-08 15:20 - 00000000 ____D () C:\Users\Agent86\AppData\Local\Adobe

Some content of TEMP:
====================
C:\Users\Agent86\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Agent86\AppData\Local\Temp\mccspuninstall.exe
C:\Users\Agent86\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Agent86\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Agent86\AppData\Local\Temp\nvStInst.exe
C:\Users\Agent86\AppData\Local\Temp\Quarantine.exe
C:\Users\Agent86\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 15:19

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2015 01
Ran by Agent86 at 2015-01-16 09:13:13
Running from C:\Users\Agent86\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
AirMech (HKLM-x32\...\Steam App 206500) (Version:  - Carbon Games)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
ASRock eXtreme Tuner v0.1.381.1 (HKLM-x32\...\ASRock eXtreme Tuner_is1) (Version:  - )
ASRock XFast RAM v2.0.28 (HKLM\...\ASRock XFast RAM_is1) (Version:  - ASRock Inc.)
ATI Catalyst Install Manager (HKLM\...\{2770B8D8-701A-1D22-635F-8711DFC06B92}) (Version: 3.0.762.0 - ATI Technologies, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Avconv (HKU\S-1-5-21-2993030579-955168000-2236405169-1000\...\309e5e15afa98792) (Version: 1.0.0.1 - Koxx)
Battle Nations (HKLM-x32\...\Steam App 251670) (Version:  - Z2)
Broadcom Gigabit NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.6.1.3 - Broadcom Corporation)
Cannons Lasers Rockets (HKLM-x32\...\Steam App 265770) (Version:  - Net Games Laboratory)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Combat Arms (HKLM-x32\...\Steam App 212180) (Version:  - Nexon)
CPUID HWMonitor 1.22 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Dropbox (HKU\S-1-5-21-2993030579-955168000-2236405169-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.105 - Etron Technology)
Etron USB3.0 Host Controller (x32 Version: 0.105 - Etron Technology) Hidden
Evochron Mercenary (HKLM-x32\...\Evochron Mercenary_is1) (Version:  - StarWraith 3D Games LLC)
Evolution RTS (HKLM-x32\...\Steam App 291150) (Version:  - Frozen Yak Entertainment)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.1.32.905 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.3.916 - Foxit Software Inc.)
Gaming Mouse (HKLM-x32\...\{A7B243AA-6D4C-4575-A873-6F01A1EFC5E2}}_is1) (Version:  - )
Geany 1.23.1 (HKLM-x32\...\Geany) (Version: 1.23.1 - The Geany developer team)
HAWKEN (HKLM-x32\...\Steam App 271290) (Version:  - Adhesive Games)
iRacing.com Race Simulation (HKLM-x32\...\{CBBB3C80-76F5-42B5-92A6-C4BF84796DCB}) (Version: 1.01.0487 - iRacing.com Motorsport Simulations)
Java 7 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417071FF}) (Version: 7.0.710 - Oracle)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java SE Development Kit 7 Update 71 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170710}) (Version: 1.7.0.710 - Oracle)
LibreOffice 4.2.2.1 (HKLM-x32\...\{0ECDB550-79ED-4E9E-851B-19A8B2B4EBFA}) (Version: 4.2.2.1 - The Document Foundation)
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
March of War (HKLM-x32\...\Steam App 234310) (Version:  - ISOTX)
MechWarrior Online (HKLM-x32\...\{ffbbd184-8eba-469f-bb26-ea4e1f6bfd4c}) (Version: 1.4.1.0 - Piranha Games Inc.)
MechWarrior Online (x32 Version: 1.4.1.0 - Piranha Games Inc.) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Moon Breakers (HKLM-x32\...\Steam App 208030) (Version:  - Imba Entertainment)
Mozilla Firefox 34.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0 (x86 en-US)) (Version: 34.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
NASCAR '14 (HKLM-x32\...\Steam App 254130) (Version:  - Eutechnyx)
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.09 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OANDA - MetaTrader (HKLM-x32\...\OANDA - MetaTrader) (Version: 4.00 - MetaQuotes Software Corp.)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Overwolf.Setup.VC100CRTx64.Dist (HKLM\...\{EC9D5554-6852-4A55-81BB-AC02C7A8CFED}) (Version: 1.0.0 - Overwolf)
Pantech Android USB Driver Ver1 (HKLM\...\{19E88D03-44D4-46aa-9F3C-D6CFC035BFE6}) (Version: 1.1.0.0 - Pantech)
Pantech PC Suite (HKLM-x32\...\Pantech PC Suite) (Version: 1.1.1.3437 - MobileLeader)
PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version:  - Sony Online Entertainment)
Python 2.7.3 (HKLM-x32\...\{C0C31BCC-56FB-42a7-8766-D29E1BD74C7C}) (Version: 2.7.3150 - Python Software Foundation)
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.2-1.0.11364.75 - raidcall.com)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6378 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Star Conflict Launcher 1.0.1.18 (HKLM-x32\...\StarConflictLauncher_is1) (Version:  - )
Star Trek Online (HKLM-x32\...\Steam App 9900) (Version:  - Cryptic Studios)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Thrustmaster Force Feedback Driver (HKLM-x32\...\{8F5A0981-5CDC-41D0-BCA2-AD3B777FC358}) (Version: 2.FFD.2009 - Thrustmaster)
Trading Paints (HKLM-x32\...\{03C0A801-FC2F-442C-A0BD-DB63B373DE27}) (Version: 1.1.1 - Shawn05.com)
Unity Web Player (HKU\S-1-5-21-2993030579-955168000-2236405169-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
War Thunder Launcher 1.0.1.199 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - 2012 Gaijin Entertainment Corporation)
Wargame: AirLand Battle (HKLM-x32\...\Steam App 222750) (Version:  - Eugen Systems)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version:  - Wargaming.net)
World of Warplanes (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C813NA}_is1) (Version:  - Wargaming.net)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2993030579-955168000-2236405169-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Agent86\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2993030579-955168000-2236405169-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Agent86\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2993030579-955168000-2236405169-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Agent86\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2993030579-955168000-2236405169-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Agent86\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2993030579-955168000-2236405169-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Agent86\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2993030579-955168000-2236405169-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Agent86\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2993030579-955168000-2236405169-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Agent86\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2993030579-955168000-2236405169-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Agent86\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2993030579-955168000-2236405169-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Agent86\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

18-12-2014 15:42:50 Windows Update
18-12-2014 16:53:59 Installed Java SE Development Kit 7 Update 71 (64-bit)
18-12-2014 16:55:14 Installed Java 7 Update 71 (64-bit)
18-12-2014 23:05:44 Installed Pantech Burst OS Upgrade Tool
20-12-2014 19:27:00 avast! antivirus system restore point
20-12-2014 20:35:31 Removed Pantech Burst OS Upgrade Tool
20-12-2014 20:36:20 Removed PingPlotter Standard 3.42.3s
22-12-2014 08:36:41 avast! antivirus system restore point
22-12-2014 21:26:48 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
22-12-2014 21:27:38 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
25-12-2014 09:14:45 Device Driver Package Install: Dev47Apps.com Sound, video and game controllers
25-12-2014 09:15:42 Device Driver Package Install: Dev47Apps.com Sound, video and game controllers
26-12-2014 21:29:15 McAfee Vulnerability Scanner
02-01-2015 19:29:55 McAfee Vulnerability Scanner
09-01-2015 14:23:38 avast! antivirus system restore point
10-01-2015 10:00:48 Windows Update
13-01-2015 17:03:35 Windows Update
13-01-2015 22:35:17 Windows Update
15-01-2015 15:42:06 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {021EF2CB-EB93-48DF-AFBD-9492D759D600} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-09] (AVAST Software)
Task: {370B1002-62FB-4793-AF29-2FC2C7D96C2D} - System32\Tasks\Convertor => C:\Program Files (x86)\Convertor\Convertor.exe [2014-11-25] ()
Task: {5CB524E1-70E9-44AD-8B93-16DE8EE136C4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
Task: {5F5993EF-D94F-4DF2-BE9E-8953F2CD6670} - System32\Tasks\{EBD40329-5032-4591-AB22-A5CEF5BC3B52} => pcalua.exe -a "C:\Program Files\TeamSpeak 3 Client\plugins\ts3overlay\InstallHook.exe" -d "C:\Program Files\TeamSpeak 3 Client\plugins\ts3overlay\" -c ts3overlay_hook_win32.dll 10000
Task: {CA7C18C9-A6EE-427C-B832-684C557D8AD3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {EED9E3DB-D56A-4EDB-AD91-ECDA472FD90E} - System32\Tasks\Winsta Update => C:\Program Files (x86)\Winsta\Winsta.exe [2014-11-27] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-05-24 14:06 - 2014-12-13 03:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-01-09 14:25 - 2015-01-09 14:25 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2015-01-09 14:25 - 2015-01-09 14:25 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2014-01-16 16:18 - 2013-04-11 09:24 - 00262656 _____ () C:\Program Files (x86)\Gaming Mouse\hid.exe
2014-04-19 14:27 - 2014-12-12 19:13 - 00708240 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\gamecaster64.dll
2014-04-19 14:27 - 2014-12-12 19:13 - 00854160 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\twitchsdk64.dll
2014-01-16 16:18 - 2013-03-08 17:39 - 00256512 _____ () C:\Program Files (x86)\Gaming Mouse\trayicon.exe
2015-01-15 17:30 - 2015-01-15 17:30 - 02910720 _____ () C:\Program Files\AVAST Software\Avast\defs\15011502\algo.dll
2015-01-09 14:25 - 2015-01-09 14:25 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2015-01-16 07:50 - 2015-01-16 07:50 - 02911744 _____ () C:\Program Files\AVAST Software\Avast\defs\15011600\algo.dll
2014-01-16 16:18 - 2013-01-15 17:06 - 00061952 _____ () C:\Program Files (x86)\Gaming Mouse\HidDevice.dll
2015-01-09 14:26 - 2015-01-09 14:26 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-01-16 16:18 - 2011-11-22 14:18 - 00249856 _____ () C:\Program Files (x86)\Gaming Mouse\language.dll
2014-12-02 14:03 - 2014-12-02 14:03 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2993030579-955168000-2236405169-500 - Administrator - Disabled)
Agent86 (S-1-5-21-2993030579-955168000-2236405169-1000 - Administrator - Enabled) => C:\Users\Agent86
Guest (S-1-5-21-2993030579-955168000-2236405169-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/16/2015 07:49:43 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (01/16/2015 07:49:43 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (01/16/2015 07:49:43 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (01/14/2015 03:20:24 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (01/14/2015 11:22:02 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (01/14/2015 11:22:02 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (01/14/2015 11:22:02 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (01/11/2015 00:31:04 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (01/11/2015 11:29:41 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (01/09/2015 01:37:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time stamp: 0x546fddcc
Faulting module name: ZMODOOCX.ocx, version: 1.1.6.33, time stamp: 0x5369e8ce
Exception code: 0xc0000005
Fault offset: 0x00052043
Faulting process id: 0x153c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3


System errors:
=============
Error: (01/16/2015 08:54:25 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (01/14/2015 00:05:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Volume Shadow Copy service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/14/2015 00:05:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (01/14/2015 00:05:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (01/14/2015 00:05:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Streamer Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/14/2015 00:05:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Network Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/14/2015 00:05:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iRacing.com Helper Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/14/2015 00:05:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA GeForce Experience Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/14/2015 00:05:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Foxit Cloud Safe Update Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/14/2015 00:05:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (01/16/2015 07:49:43 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (01/16/2015 07:49:43 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (01/16/2015 07:49:43 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (01/14/2015 03:20:24 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\program files\CCleaner\CCleaner.exe

Error: (01/14/2015 11:22:02 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (01/14/2015 11:22:02 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (01/14/2015 11:22:02 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (01/11/2015 00:31:04 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\program files\CCleaner\CCleaner.exe

Error: (01/11/2015 11:29:41 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\program files\CCleaner\CCleaner.exe

Error: (01/09/2015 01:37:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17496546fddccZMODOOCX.ocx1.1.6.335369e8cec000000500052043153c01d02c3b4f0f7159C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\DOWNLO~1\ZMODOOCX.ocx96d8cc72-982e-11e4-9636-bc5ff49bd49f


==================== Memory info ===========================

Processor: AMD FX-8350 Eight-Core Processor
Percentage of memory in use: 15%
Total physical RAM: 16341.63 MB
Available physical RAM: 13855.7 MB
Total Pagefile: 32681.45 MB
Available Pagefile: 30006 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:494.73 GB) (Free:189.14 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: C7DE05E6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=494.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=436.7 GB) - (Type=05)

==================== End Of Log ============================

 

I started Malwarebytes to get the history log but it appears to still be running in the background so I'll post that once it's complete


Hi,

 

1. Download ComboFix to your Desktop.

WARNING: ComboFix is a very powerful tool that can damage your system when not used properly. ONLY use this tool under supervision of a trained Malware Analyst. Never use it on your own!!!

NOTE: Don't use your computer for other purposes while running ComboFix. It may cause it to stall!

  • Temporarily disable your own anti-virus and other anti-malware programs. For instructions, take a look here.
  • Close all open windows.
  • Right-click ComboFix.exe and select Run as Administrator.
  • Accept the Disclaimer.
  • If you're asked to install the Recovery Console, allow the program to do so.
  • The scan may take some time to finish. Wait for it, please.
  • If ComboFix asks to restart the system, please allow it to do so immediately.
  • When finished, ComboFix will show you a logfile. Please copy/paste the contents of this logfile in your next reply.


If somehow the logfile didn't open or if you can't find it anymore, it's saved as C:\ComboFix.txt.

 

2. Start Farbar Recovery Scan Tool

  • If asked, click Yes at the Disclaimer window.
  • Click Scan once the program has opened.
  • It will create a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.

 

Please also give me an update on your PC problems. :)


I have to start from scratch again
I'm getting ads again and also getting a popup that says can't find appdata/roaming/5.exe or something. I posted about this previously and got that to go away but it's back again.

Anyhow I'll post back sorry for the delay.
 


ComboFix 15-01-22.02 - Agent86 01/24/2015  18:04:37.1.8 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.16342.13812 [GMT -5:00]
Running from: c:\users\Agent86\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Agent86\AppData\Roaming\Microsoft\Windows\Recent\NASCAR '14.url
c:\users\Agent86\AppData\Roaming\Winsta
c:\users\Agent86\AppData\Roaming\Winsta\Winsta.exe
c:\windows\msdownld.tmp
c:\windows\SysWow64\logs
c:\windows\SysWow64\logs\disconnected.log
.
.
(((((((((((((((((((((((((   Files Created from 2014-12-24 to 2015-01-24  )))))))))))))))))))))))))))))))
.
.
2015-01-24 23:12 . 2015-01-24 23:12    --------    d-----w-    c:\users\Default\AppData\Local\temp
2015-01-24 23:11 . 2015-01-24 23:11    75888    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{443CD959-9ED1-46A6-BA91-EA9A74E81625}\offreg.dll
2015-01-23 15:48 . 2015-01-23 15:48    --------    d-----w-    c:\programdata\Dsp
2015-01-23 15:29 . 2014-12-02 10:26    11870360    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{443CD959-9ED1-46A6-BA91-EA9A74E81625}\mpengine.dll
2015-01-23 15:03 . 2015-01-23 15:03    --------    d-----w-    c:\users\Agent86\AppData\Roaming\Convertor
2015-01-23 14:53 . 2015-01-09 22:27    621200    ----a-w-    c:\windows\SysWow64\nvStreaming.exe
2015-01-20 21:33 . 2015-01-20 21:33    --------    d-----w-    c:\users\Agent86\AppData\Local\ORPALIS
2015-01-20 21:29 . 2015-01-20 21:29    --------    d-----w-    c:\users\Agent86\AppData\Local\Downloaded Installations
2015-01-20 20:16 . 2007-06-27 16:32    634880    ----a-w-    c:\windows\system32\hpgt7800.dll
2015-01-14 17:01 . 2015-01-23 22:03    --------    d-----w-    C:\AdwCleaner
2015-01-14 13:06 . 2014-12-13 10:08    1895056    ----a-w-    c:\windows\system32\nvdispco6434709.dll
2015-01-14 13:06 . 2014-12-13 10:08    1556624    ----a-w-    c:\windows\system32\nvdispgenco6434709.dll
2015-01-14 13:06 . 2014-10-09 17:02    30536    ----a-w-    c:\windows\system32\nvhdap64.dll
2015-01-14 13:06 . 2014-10-09 17:02    195728    ----a-w-    c:\windows\system32\drivers\nvhda64v.sys
2015-01-14 13:06 . 2014-10-09 07:17    1540240    ----a-w-    c:\windows\system32\nvhdagenco64.dll
2015-01-09 19:30 . 2015-01-09 19:30    --------    d-----w-    c:\users\Agent86\AppData\Roaming\AVAST Software
2015-01-09 19:27 . 2015-01-09 19:26    116728    ----a-w-    c:\windows\system32\drivers\aswStm.sys
2015-01-09 19:27 . 2015-01-09 19:26    267632    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2015-01-09 19:27 . 2015-01-09 19:26    436624    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2015-01-09 19:27 . 2015-01-09 19:26    65776    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2015-01-09 19:27 . 2015-01-09 19:28    87912    ----a-w-    c:\windows\system32\drivers\aswmonflt.sys
2015-01-09 19:27 . 2015-01-09 19:26    29208    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
2015-01-09 19:27 . 2015-01-09 19:26    93568    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2015-01-09 19:26 . 2015-01-09 19:27    1050432    ----a-w-    c:\windows\system32\drivers\aswsnx.sys
2015-01-09 19:26 . 2015-01-09 19:26    364512    ----a-w-    c:\windows\system32\aswBoot.exe
2015-01-09 19:26 . 2015-01-09 19:26    43152    ----a-w-    c:\windows\avastSS.scr
2015-01-09 19:24 . 2015-01-09 19:24    --------    d-----w-    c:\program files\AVAST Software
2015-01-06 20:31 . 2015-01-06 20:31    --------    d-----w-    c:\programdata\Hewlett-Packard
2015-01-06 20:31 . 2009-07-14 01:41    230400    ----a-w-    c:\windows\system32\Spool\prtprocs\x64\hpzppw71.dll
2014-12-27 02:30 . 2014-12-27 02:30    --------    d-----w-    c:\program files (x86)\Common Files\Java
2014-12-26 03:16 . 2014-12-26 03:16    --------    d-----w-    c:\users\Agent86\.gradle
2014-12-26 03:15 . 2014-12-26 03:15    --------    d-----w-    c:\users\Agent86\AndroidStudioProjects
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-24 21:36 . 2013-05-24 20:06    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-24 21:36 . 2013-05-24 20:06    701616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-23 22:09 . 2014-12-20 23:40    129752    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-16 06:41 . 2014-06-23 20:28    1316184    ----a-w-    c:\windows\SysWow64\nvspbridge.dll
2015-01-16 06:41 . 2014-04-19 19:27    1278920    ----a-w-    c:\windows\SysWow64\nvspcap.dll
2015-01-16 06:41 . 2014-06-23 20:28    1756424    ----a-w-    c:\windows\system32\nvspbridge64.dll
2015-01-16 06:41 . 2014-04-19 19:27    1514528    ----a-w-    c:\windows\system32\nvspcap64.dll
2015-01-15 20:42 . 2013-05-25 15:54    113365784    ----a-w-    c:\windows\system32\MRT.exe
2015-01-10 08:07 . 2014-11-28 15:36    2902456    ----a-w-    c:\windows\SysWow64\nvapi.dll
2015-01-10 08:07 . 2014-01-16 21:33    17250776    ----a-w-    c:\windows\system32\nvd3dumx.dll
2015-01-10 08:07 . 2013-10-27 14:12    18566296    ----a-w-    c:\windows\system32\nvwgf2umx.dll
2015-01-10 08:07 . 2013-05-24 19:06    73872    ----a-w-    c:\windows\system32\OpenCL.dll
2015-01-10 08:07 . 2013-05-24 19:06    60744    ----a-w-    c:\windows\SysWow64\OpenCL.dll
2015-01-10 08:07 . 2013-02-26 04:32    14115944    ----a-w-    c:\windows\SysWow64\nvd3dum.dll
2015-01-10 08:07 . 2013-02-26 04:32    3298816    ----a-w-    c:\windows\system32\nvapi64.dll
2015-01-09 23:30 . 2013-05-24 19:06    6860432    ----a-w-    c:\windows\system32\nvcpl.dll
2015-01-09 23:30 . 2013-05-24 19:06    3517256    ----a-w-    c:\windows\system32\nvsvc64.dll
2015-01-09 23:29 . 2013-05-24 19:06    935056    ----a-w-    c:\windows\system32\nvvsvc.exe
2015-01-09 23:29 . 2013-05-24 19:06    2558608    ----a-w-    c:\windows\system32\nvsvcr.dll
2015-01-09 23:29 . 2013-05-24 19:06    62608    ----a-w-    c:\windows\system32\nvshext.dll
2015-01-09 23:29 . 2013-05-24 19:06    385352    ----a-w-    c:\windows\system32\nvmctray.dll
2015-01-09 20:29 . 2014-12-22 18:23    37624    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
2015-01-09 19:47 . 2013-05-24 19:06    4173527    ----a-w-    c:\windows\system32\nvcoproc.bin
2015-01-06 09:36 . 2013-05-24 19:26    298120    ------w-    c:\windows\system32\MpSigStub.exe
2014-12-25 14:14 . 2014-12-25 14:14    33080    ----a-w-    c:\windows\system32\drivers\droidcam.sys
2014-12-25 14:14 . 2014-12-25 14:14    228408    ----a-w-    c:\windows\system32\drivers\droidcamvideo.sys
2014-12-18 23:32 . 2014-12-18 23:32    376    ----a-w-    c:\users\Agent86\AppData\Local\VC2MmUT.vbs
2014-12-18 21:55 . 2014-12-18 21:55    111016    ----a-w-    c:\windows\system32\WindowsAccessBridge-64.dll
2014-12-18 21:55 . 2014-12-18 21:55    319912    ----a-w-    c:\windows\system32\javaws.exe
2014-12-18 21:55 . 2014-12-18 21:55    189352    ----a-w-    c:\windows\system32\javaw.exe
2014-12-18 21:55 . 2014-12-18 21:55    189352    ----a-w-    c:\windows\system32\java.exe
2014-12-17 14:08 . 2014-03-24 14:40    4441216    ----a-w-    c:\windows\system32\MetaViewer64.dll
2014-12-13 05:09 . 2014-12-18 20:33    144384    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-12-13 03:33 . 2014-12-18 20:33    115712    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2014-12-04 02:50 . 2014-12-09 20:36    413184    ----a-w-    c:\windows\system32\generaltel.dll
2014-12-04 02:50 . 2014-12-09 20:36    741376    ----a-w-    c:\windows\system32\invagent.dll
2014-12-04 02:50 . 2014-12-09 20:36    396800    ----a-w-    c:\windows\system32\devinv.dll
2014-12-04 02:50 . 2014-12-09 20:36    830976    ----a-w-    c:\windows\system32\appraiser.dll
2014-12-04 02:50 . 2014-12-09 20:36    192000    ----a-w-    c:\windows\system32\aepic.dll
2014-12-04 02:50 . 2014-12-09 20:36    227328    ----a-w-    c:\windows\system32\aepdu.dll
2014-12-04 02:44 . 2014-12-09 20:36    1083392    ----a-w-    c:\windows\system32\aeinv.dll
2014-12-01 23:28 . 2014-12-09 20:36    1232040    ----a-w-    c:\windows\system32\aitstatic.exe
2014-11-27 01:43 . 2014-12-09 20:31    389296    ----a-w-    c:\windows\system32\iedkcs32.dll
2014-11-22 10:46 . 2014-12-17 13:21    38032    ----a-w-    c:\windows\system32\drivers\nvvad64v.sys
2014-11-22 10:46 . 2014-12-17 13:21    32400    ----a-w-    c:\windows\SysWow64\nvaudcap32v.dll
2014-11-22 10:46 . 2014-04-19 19:27    35472    ----a-w-    c:\windows\system32\nvaudcap64v.dll
2014-11-22 03:13 . 2014-12-09 20:31    25059840    ----a-w-    c:\windows\system32\mshtml.dll
2014-11-22 03:06 . 2014-12-09 20:31    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2014-11-22 03:06 . 2014-12-09 20:31    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:50 . 2014-12-09 20:31    66560    ----a-w-    c:\windows\system32\iesetup.dll
2014-11-22 02:50 . 2014-12-09 20:31    580096    ----a-w-    c:\windows\system32\vbscript.dll
2014-11-22 02:49 . 2014-12-09 20:31    48640    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:49 . 2014-12-09 20:31    2885120    ----a-w-    c:\windows\system32\iertutil.dll
2014-11-22 02:48 . 2014-12-09 20:31    88064    ----a-w-    c:\windows\system32\MshtmlDac.dll
2014-11-22 02:41 . 2014-12-09 20:31    54784    ----a-w-    c:\windows\system32\jsproxy.dll
2014-11-22 02:40 . 2014-12-09 20:31    34304    ----a-w-    c:\windows\system32\iernonce.dll
2014-11-22 02:37 . 2014-12-09 20:31    633856    ----a-w-    c:\windows\system32\ieui.dll
2014-11-22 02:35 . 2014-12-09 20:31    114688    ----a-w-    c:\windows\system32\ieetwcollector.exe
2014-11-22 02:34 . 2014-12-09 20:31    814080    ----a-w-    c:\windows\system32\jscript9diag.dll
2014-11-22 02:34 . 2014-12-09 20:31    6039552    ----a-w-    c:\windows\system32\jscript9.dll
2014-11-22 02:26 . 2014-12-09 20:31    968704    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 02:22 . 2014-12-09 20:31    490496    ----a-w-    c:\windows\system32\dxtmsft.dll
2014-11-22 02:20 . 2014-12-09 20:31    2724864    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14 . 2014-12-09 20:31    77824    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 02:09 . 2014-12-09 20:31    199680    ----a-w-    c:\windows\system32\msrating.dll
2014-11-22 02:08 . 2014-12-09 20:31    92160    ----a-w-    c:\windows\system32\mshtmled.dll
2014-11-22 02:07 . 2014-12-09 20:31    501248    ----a-w-    c:\windows\SysWow64\vbscript.dll
2014-11-22 02:07 . 2014-12-09 20:31    62464    ----a-w-    c:\windows\SysWow64\iesetup.dll
2014-11-22 02:06 . 2014-12-09 20:31    47616    ----a-w-    c:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-09 20:31    64000    ----a-w-    c:\windows\SysWow64\MshtmlDac.dll
2014-11-22 02:05 . 2014-12-09 20:31    316928    ----a-w-    c:\windows\system32\dxtrans.dll
2014-11-22 01:54 . 2014-12-09 20:31    620032    ----a-w-    c:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:49 . 2014-12-09 20:31    718848    ----a-w-    c:\windows\system32\ie4uinit.exe
2014-11-22 01:49 . 2014-12-09 20:31    800768    ----a-w-    c:\windows\system32\msfeeds.dll
2014-11-22 01:47 . 2014-12-09 20:31    1359360    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:46 . 2014-12-09 20:31    2125312    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-11-22 01:43 . 2014-12-09 20:31    14412800    ----a-w-    c:\windows\system32\ieframe.dll
2014-11-22 01:40 . 2014-12-09 20:31    60416    ----a-w-    c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-09 20:31    4299264    ----a-w-    c:\windows\SysWow64\jscript9.dll
2014-11-22 01:28 . 2014-12-09 20:31    2358272    ----a-w-    c:\windows\system32\wininet.dll
2014-11-22 01:22 . 2014-12-09 20:31    2052096    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21 . 2014-12-09 20:31    1155072    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:15 . 2014-12-09 20:31    1548288    ----a-w-    c:\windows\system32\urlmon.dll
2014-11-22 01:03 . 2014-12-09 20:31    800768    ----a-w-    c:\windows\system32\ieapfltr.dll
2014-11-22 01:00 . 2014-12-09 20:31    1888256    ----a-w-    c:\windows\SysWow64\wininet.dll
2014-11-21 11:14 . 2014-12-20 23:39    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-11-21 11:14 . 2014-12-20 23:39    93400    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-11-21 11:14 . 2014-12-20 23:39    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-11-13 00:20 . 2014-11-28 15:36    1876296    ----a-w-    c:\windows\system32\nvdispco6434475.dll
2014-11-13 00:20 . 2014-11-28 15:36    1540424    ----a-w-    c:\windows\system32\nvdispgenco6434475.dll
2014-11-11 03:09 . 2014-12-09 20:37    1424384    ----a-w-    c:\windows\system32\WindowsCodecs.dll
2014-11-11 03:08 . 2014-11-19 18:30    241152    ----a-w-    c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-19 18:30    728064    ----a-w-    c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-12-09 20:37    1230336    ----a-w-    c:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44 . 2014-11-19 18:30    186880    ----a-w-    c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-19 18:30    550912    ----a-w-    c:\windows\SysWow64\kerberos.dll
2014-11-11 01:46 . 2014-12-09 20:36    119296    ----a-w-    c:\windows\system32\drivers\tdx.sys
2014-11-08 03:16 . 2014-12-09 20:31    2048    ----a-w-    c:\windows\system32\tzres.dll
2014-11-08 02:45 . 2014-12-09 20:31    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2014-10-30 04:53 . 2014-11-04 20:50    1876296    ----a-w-    c:\windows\system32\nvdispco6434460.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:09    131480    ----a-w-    c:\users\Agent86\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:09    131480    ----a-w-    c:\users\Agent86\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:09    131480    ----a-w-    c:\users\Agent86\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:09    131480    ----a-w-    c:\users\Agent86\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:09    131480    ----a-w-    c:\users\Agent86\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:09    131480    ----a-w-    c:\users\Agent86\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:09    131480    ----a-w-    c:\users\Agent86\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:09    131480    ----a-w-    c:\users\Agent86\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-12-12 7394584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GamingMouse"="c:\program files (x86)\Gaming Mouse\hid.exe" [2013-04-11 262656]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-01-09 5227112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 PSMNBUS;Pantech Android USB Composite Device Ver1 Driver;c:\windows\system32\DRIVERS\PSMNBUS.sys;c:\windows\SYSNATIVE\DRIVERS\PSMNBUS.sys [x]
R3 PSMNMDM;Pantech Android USB Modem Ver1 Drivers;c:\windows\system32\DRIVERS\PSMNMDM.sys;c:\windows\SYSNATIVE\DRIVERS\PSMNMDM.sys [x]
R3 PSMNMDMVSP;Pantech Android MDM Diagnostic Serial Port Ver1;c:\windows\system32\DRIVERS\PSMNMDMVSP.sys;c:\windows\SYSNATIVE\DRIVERS\PSMNMDMVSP.sys [x]
R3 PSMNMSMVSP;Pantech Android MSM Diagnostic Serial Port Ver1;c:\windows\system32\DRIVERS\PSMNMSMVSP.sys;c:\windows\SYSNATIVE\DRIVERS\PSMNMSMVSP.sys [x]
R3 PSMNNET61;Pantech Android MDM WWAN (NDIS6.1);c:\windows\system32\DRIVERS\PSMNNET61.sys;c:\windows\SYSNATIVE\DRIVERS\PSMNNET61.sys [x]
R3 PSMNRMNET;Pantech Android MDM RMNET Device;c:\windows\system32\DRIVERS\PSMNRMNET.sys;c:\windows\SYSNATIVE\DRIVERS\PSMNRMNET.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AsrRamDisk;AsrRamDisk;c:\windows\system32\DRIVERS\AsrRamDisk.sys;c:\windows\SYSNATIVE\DRIVERS\AsrRamDisk.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 iRacingService;iRacing.com Helper Service;c:\program files (x86)\iRacing\iRacingService.exe;c:\program files (x86)\iRacing\iRacingService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
S3 DroidCam;DroidCam Virtual Audio;c:\windows\system32\DRIVERS\droidcam.sys;c:\windows\SYSNATIVE\DRIVERS\droidcam.sys [x]
S3 DroidCamVideo;DroidCam Source 3;c:\windows\system32\DRIVERS\droidcamvideo.sys;c:\windows\SYSNATIVE\DRIVERS\droidcamvideo.sys [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2015-01-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-24 21:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10    164760    ----a-w-    c:\users\Agent86\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10    164760    ----a-w-    c:\users\Agent86\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10    164760    ----a-w-    c:\users\Agent86\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10    164760    ----a-w-    c:\users\Agent86\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10    164760    ----a-w-    c:\users\Agent86\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10    164760    ----a-w-    c:\users\Agent86\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10    164760    ----a-w-    c:\users\Agent86\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10    164760    ----a-w-    c:\users\Agent86\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-01-09 19:26    860984    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-18 11855976]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2013-07-31 3091224]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-01-16 2585928]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-01-16 1514528]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://192.168.1.6/
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
DPF: {D9305048-DD6B-4EDF-8706-096EBE24E1D7} - hxxp://192.168.1.6/IPCWeb.cab
FF - ProfilePath - c:\users\Agent86\AppData\Roaming\Mozilla\Firefox\Profiles\bshy3bmp.default\
FF - prefs.js: browser.startup.homepage - my.yahoo.com
FF - prefs.js: keyword.URL - hxxps://search.yahoo.com/search?fr=mcafee&type=B111US0D20141222&p=
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
Notify-LBTWlgn - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{8E5E2654-AD2D-48BF-AC2D-D17F00898D06}"=hex:51,66,7a,6c,4c,1d,38,12,3a,25,4d,
   8a,1f,e3,d1,0d,d3,3b,92,3f,05,d7,c9,12
"{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}"=hex:51,66,7a,6c,4c,1d,38,12,15,21,99,
   35,ad,10,d3,00,f6,8f,3c,cf,15,94,08,e1
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{7F6AFBF1-E065-4627-A2FD-810366367D01}"=hex:51,66,7a,6c,4c,1d,38,12,9f,f8,79,
   7b,57,ae,49,03,dd,eb,c2,43,63,68,39,15
"{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}"=hex:51,66,7a,6c,4c,1d,38,12,a6,91,9c,
   b3,81,90,8c,54,e5,1c,b8,24,2d,43,2e,ca
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:43,29,e7,ba,19,d1,ce,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6d,fa,23,09,ef,93,c6,41,af,98,aa,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6d,fa,23,09,ef,93,c6,41,af,98,aa,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_296_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_296_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_296_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_296_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-01-24  18:14:03
ComboFix-quarantined-files.txt  2015-01-24 23:14
.
Pre-Run: 184,997,425,152 bytes free
Post-Run: 184,822,157,312 bytes free
.
- - End Of File - - 24ADA185C1F0BF8C76D1838CADEA199A
EA923EB0EC0060F1451E9AD7B5762CFE

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by Agent86 (administrator) on AGENT86-PC on 24-01-2015 20:47:23
Running from C:\Users\Agent86\Downloads
Loaded Profiles: Agent86 (Available profiles: Agent86)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730) C:\Program Files (x86)\iRacing\iRacingService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files (x86)\Gaming Mouse\hid.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
() C:\Program Files (x86)\Gaming Mouse\trayicon.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11855976 2011-05-18] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [GamingMouse] => C:\Program Files (x86)\Gaming Mouse\hid.exe [262656 2013-04-11] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-09] (AVAST Software)
HKU\S-1-5-21-2993030579-955168000-2236405169-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2993030579-955168000-2236405169-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2993030579-955168000-2236405169-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2993030579-955168000-2236405169-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://192.168.1.6/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2993030579-955168000-2236405169-1000 -> {2AAC893C-3A01-41CA-BBD9-D721BFDCA843} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US0D20141222&p={SearchTerms}
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {D9305048-DD6B-4EDF-8706-096EBE24E1D7} http://192.168.1.6/IPCWeb.cab
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Agent86\AppData\Roaming\Mozilla\Firefox\Profiles\bshy3bmp.default
FF DefaultSearchEngine: Bing
FF Homepage: my.yahoo.com
FF Keyword.URL: https://search.yahoo.com/search?fr=mcafee&type=B111US0D20141222&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Agent86\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin HKU\S-1-5-21-2993030579-955168000-2236405169-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Agent86\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: Xmarks - C:\Users\Agent86\AppData\Roaming\Mozilla\Firefox\Profiles\bshy3bmp.default\Extensions\foxmarks@kei.com [2014-11-22]
FF Extension: Super Web Accelerator ! - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\firefox [2015-01-23]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-01-31]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-09]

Chrome:
=======
CHR Profile: C:\Users\Agent86\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-09]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-09] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2015-01-09] (Avast Software)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242912 2014-09-11] (Foxit Software Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
R2 iRacingService; C:\Program Files (x86)\iRacing\iRacingService.exe [798840 2015-01-08] (iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [34640 2012-08-09] (ASRock Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-09] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-01-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-09] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-09] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-09] ()
R3 DroidCam; C:\Windows\System32\DRIVERS\droidcam.sys [33080 2014-12-25] (Dev47Apps)
R3 DroidCamVideo; C:\Windows\System32\DRIVERS\droidcamvideo.sys [228408 2014-12-25] (Dev47Apps)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 PSMNBUS; C:\Windows\System32\DRIVERS\PSMNBUS.sys [102784 2011-10-07] (DEVGURU Co., LTD.)
S3 PSMNMDM; C:\Windows\System32\DRIVERS\PSMNMDM.sys [183680 2011-10-07] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PSMNMDMVSP; C:\Windows\System32\DRIVERS\PSMNMDMVSP.sys [183808 2011-10-07] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PSMNMSMVSP; C:\Windows\System32\DRIVERS\PSMNMSMVSP.sys [183808 2011-10-07] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PSMNNET61; C:\Windows\System32\DRIVERS\PSMNNET61.sys [113408 2011-10-07] (DEVGURU Co., LTD.)
S3 PSMNRMNET; C:\Windows\System32\DRIVERS\PSMNRMNET.sys [63744 2011-10-07] (DEVGURU Co., LTD.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2015-01-09] (Avast Software)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-24 20:47 - 2015-01-24 20:47 - 00014623 _____ () C:\Users\Agent86\Downloads\FRST.txt
2015-01-24 20:28 - 2015-01-24 20:28 - 00000247 _____ () C:\Windows\system32\2015-01-25-01-28-30.024-aswFe.exe-4772.log
2015-01-24 20:21 - 2015-01-24 20:28 - 00000247 _____ () C:\Windows\system32\2015-01-25-01-21-39.096-aswFe.exe-1812.log
2015-01-24 20:21 - 2015-01-24 20:21 - 00000197 _____ () C:\Windows\system32\2015-01-25-01-21-29.079-AvastVBoxSVC.exe-5960.log
2015-01-24 20:09 - 2015-01-24 20:09 - 00000546 _____ () C:\Windows\PFRO.log
2015-01-24 20:09 - 2015-01-24 20:09 - 00000168 _____ () C:\Windows\setupact.log
2015-01-24 20:09 - 2015-01-24 20:09 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-24 18:14 - 2015-01-24 18:14 - 00034704 _____ () C:\ComboFix.txt
2015-01-24 18:03 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-24 18:03 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-24 18:03 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-24 18:03 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-24 18:03 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-24 18:03 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-24 18:03 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-24 18:03 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-24 18:02 - 2015-01-24 18:14 - 00000000 ____D () C:\Qoobox
2015-01-24 18:02 - 2015-01-24 18:14 - 00000000 ____D () C:\ComboFix
2015-01-24 18:02 - 2015-01-24 18:12 - 00000000 ____D () C:\Windows\erdnt
2015-01-24 18:02 - 2015-01-24 18:02 - 05609462 ____R (Swearware) C:\Users\Agent86\Downloads\ComboFix.exe
2015-01-24 17:59 - 2015-01-24 17:59 - 00380416 _____ () C:\Users\Agent86\Downloads\2p2ugq0y.exe
2015-01-24 17:54 - 2015-01-24 17:54 - 00023080 _____ () C:\Users\Agent86\Documents\cc_20150124_175443.reg
2015-01-24 17:48 - 2015-01-24 17:48 - 00000197 _____ () C:\Windows\system32\2015-01-24-22-48-53.047-AvastVBoxSVC.exe-3428.log
2015-01-24 15:06 - 2015-01-24 15:06 - 00000197 _____ () C:\Windows\system32\2015-01-24-20-06-02.064-AvastVBoxSVC.exe-3804.log
2015-01-23 19:35 - 2015-01-23 19:35 - 00000197 _____ () C:\Windows\system32\2015-01-24-00-35-37.041-AvastVBoxSVC.exe-2988.log
2015-01-23 17:07 - 2015-01-24 19:54 - 00000000 ____D () C:\Users\Agent86\Desktop\New folder
2015-01-23 17:07 - 2015-01-23 17:07 - 00000197 _____ () C:\Windows\system32\2015-01-23-22-07-33.044-AvastVBoxSVC.exe-3184.log
2015-01-23 16:51 - 2015-01-23 16:51 - 00000476 _____ () C:\Users\Agent86\Downloads\defogger_disable.log
2015-01-23 16:51 - 2015-01-23 16:51 - 00000000 _____ () C:\Users\Agent86\defogger_reenable
2015-01-23 10:48 - 2015-01-23 10:48 - 00000000 ____D () C:\ProgramData\Dsp
2015-01-23 10:03 - 2015-01-23 10:03 - 00003242 _____ () C:\Windows\System32\Tasks\WinKit
2015-01-23 10:03 - 2015-01-23 10:03 - 00000000 ____D () C:\Users\Agent86\AppData\Roaming\Convertor
2015-01-23 10:00 - 2015-01-23 10:00 - 00000197 _____ () C:\Windows\system32\2015-01-23-15-00-50.006-AvastVBoxSVC.exe-3360.log
2015-01-23 09:53 - 2015-01-09 17:27 - 00621200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-01-23 09:51 - 2015-01-12 23:15 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-01-23 09:51 - 2015-01-10 03:07 - 32102544 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-01-23 09:51 - 2015-01-10 03:07 - 25459856 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-01-23 09:51 - 2015-01-10 03:07 - 24765584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-01-23 09:51 - 2015-01-10 03:07 - 20465296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-01-23 09:51 - 2015-01-10 03:07 - 16009120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-01-23 09:51 - 2015-01-10 03:07 - 13295552 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-01-23 09:51 - 2015-01-10 03:07 - 13210248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-01-23 09:51 - 2015-01-10 03:07 - 10774544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-01-23 09:51 - 2015-01-10 03:07 - 10714488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-01-23 09:51 - 2015-01-10 03:07 - 10274448 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-01-23 09:51 - 2015-01-10 03:07 - 03607184 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-01-23 09:51 - 2015-01-10 03:07 - 03245712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-01-23 09:51 - 2015-01-10 03:07 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434725.dll
2015-01-23 09:51 - 2015-01-10 03:07 - 01556808 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434725.dll
2015-01-23 09:51 - 2015-01-10 03:07 - 00994712 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-01-23 09:51 - 2015-01-10 03:07 - 00969360 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-01-23 09:51 - 2015-01-10 03:07 - 00942736 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-01-23 09:51 - 2015-01-10 03:07 - 00929424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-01-23 09:51 - 2015-01-10 03:07 - 00906384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-01-23 09:51 - 2015-01-10 03:07 - 00877488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-01-23 09:51 - 2015-01-10 03:07 - 00496456 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-01-23 09:51 - 2015-01-10 03:07 - 00399688 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-01-23 09:51 - 2015-01-10 03:07 - 00390472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-01-23 09:51 - 2015-01-10 03:07 - 00353040 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-01-23 09:51 - 2015-01-10 03:07 - 00345744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-01-23 09:51 - 2015-01-10 03:07 - 00305320 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-01-23 09:51 - 2015-01-10 03:07 - 00177624 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-01-23 09:51 - 2015-01-10 03:07 - 00164568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-01-23 09:51 - 2015-01-10 03:07 - 00027441 _____ () C:\Windows\system32\nvinfo.pb
2015-01-23 09:42 - 2015-01-23 09:43 - 00000197 _____ () C:\Windows\system32\2015-01-23-14-42-58.052-AvastVBoxSVC.exe-2992.log
2015-01-22 15:32 - 2015-01-22 15:32 - 00000000 ____D () C:\Users\Agent86\Downloads\58_template_CCB
2015-01-22 13:46 - 2015-01-22 13:47 - 00000197 _____ () C:\Windows\system32\2015-01-22-18-46-37.066-AvastVBoxSVC.exe-2160.log
2015-01-21 13:55 - 2015-01-21 13:55 - 00000197 _____ () C:\Windows\system32\2015-01-21-18-55-47.060-AvastVBoxSVC.exe-3344.log
2015-01-20 16:33 - 2015-01-20 16:33 - 00000000 ____D () C:\Users\Agent86\AppData\Local\ORPALIS
2015-01-20 16:29 - 2015-01-20 16:29 - 00000000 ____D () C:\Users\Agent86\AppData\Local\Downloaded Installations
2015-01-20 15:42 - 2015-01-20 15:42 - 00000197 _____ () C:\Windows\system32\2015-01-20-20-42-28.041-AvastVBoxSVC.exe-4092.log
2015-01-20 15:16 - 2015-01-20 15:16 - 00003228 _____ () C:\Windows\System32\Tasks\{120443CF-9FB2-4274-8110-7A74B925A341}
2015-01-20 15:16 - 2007-06-27 11:32 - 00634880 _____ (Hewlett-Packard) C:\Windows\system32\hpgt7800.dll
2015-01-20 10:21 - 2015-01-20 10:21 - 00000197 _____ () C:\Windows\system32\2015-01-20-15-21-38.085-AvastVBoxSVC.exe-4104.log
2015-01-19 19:27 - 2015-01-19 19:27 - 00003205 _____ () C:\Users\Agent86\.recently-used.xbel
2015-01-19 10:21 - 2015-01-19 10:21 - 00000197 _____ () C:\Windows\system32\2015-01-19-15-21-34.005-AvastVBoxSVC.exe-1120.log
2015-01-18 16:15 - 2015-01-18 16:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-18 09:24 - 2015-01-18 09:24 - 00000197 _____ () C:\Windows\system32\2015-01-18-14-24-03.032-AvastVBoxSVC.exe-2144.log
2015-01-17 15:35 - 2015-01-17 15:36 - 00000197 _____ () C:\Windows\system32\2015-01-17-20-35-28.099-AvastVBoxSVC.exe-3252.log
2015-01-16 09:16 - 2015-01-16 09:16 - 00000197 _____ () C:\Windows\system32\2015-01-16-14-16-48.044-AvastVBoxSVC.exe-4460.log
2015-01-16 08:53 - 2015-01-16 08:53 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Agent86\Downloads\rkill.exe
2015-01-16 07:50 - 2015-01-16 07:50 - 00000197 _____ () C:\Windows\system32\2015-01-16-12-50-08.033-AvastVBoxSVC.exe-3136.log
2015-01-15 15:34 - 2015-01-15 15:34 - 00000197 _____ () C:\Windows\system32\2015-01-15-20-34-01.065-AvastVBoxSVC.exe-4196.log
2015-01-14 16:24 - 2015-01-14 16:24 - 00000197 _____ () C:\Windows\system32\2015-01-14-21-24-15.062-AvastVBoxSVC.exe-3716.log
2015-01-14 12:18 - 2015-01-14 12:18 - 00000197 _____ () C:\Windows\system32\2015-01-14-17-18-53.083-AvastVBoxSVC.exe-3176.log
2015-01-14 12:08 - 2015-01-14 12:08 - 00000197 _____ () C:\Windows\system32\2015-01-14-17-08-49.028-AvastVBoxSVC.exe-3048.log
2015-01-14 12:01 - 2015-01-23 17:03 - 00000000 ____D () C:\AdwCleaner
2015-01-14 11:22 - 2015-01-14 11:22 - 00000197 _____ () C:\Windows\system32\2015-01-14-16-22-16.007-AvastVBoxSVC.exe-3220.log
2015-01-14 11:18 - 2015-01-14 11:19 - 00050477 _____ () C:\Users\Agent86\Downloads\Defogger.exe
2015-01-14 08:21 - 2015-01-14 08:21 - 00000197 _____ () C:\Windows\system32\2015-01-14-13-21-50.076-AvastVBoxSVC.exe-4060.log
2015-01-14 08:06 - 2014-12-13 05:08 - 01895056 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434709.dll
2015-01-14 08:06 - 2014-12-13 05:08 - 01556624 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434709.dll
2015-01-14 08:06 - 2014-10-09 12:02 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-01-14 08:06 - 2014-10-09 12:02 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-01-14 08:06 - 2014-10-09 02:17 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco64.dll
2015-01-14 08:02 - 2015-01-14 08:02 - 00000197 _____ () C:\Windows\system32\2015-01-14-13-02-02.064-AvastVBoxSVC.exe-2912.log
2015-01-13 17:07 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 17:07 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 17:07 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 17:07 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 17:07 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 17:07 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 17:07 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 17:07 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 17:07 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 17:07 - 2014-12-11 12:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 17:07 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 17:07 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 17:07 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 13:42 - 2015-01-13 13:42 - 00000197 _____ () C:\Windows\system32\2015-01-13-18-42-25.051-AvastVBoxSVC.exe-3028.log
2015-01-12 13:22 - 2015-01-12 13:23 - 00000197 _____ () C:\Windows\system32\2015-01-12-18-22-42.075-AvastVBoxSVC.exe-4296.log
2015-01-11 09:30 - 2015-01-11 09:31 - 00000197 _____ () C:\Windows\system32\2015-01-11-14-30-58.063-AvastVBoxSVC.exe-4652.log
2015-01-10 09:14 - 2015-01-10 09:14 - 00000197 _____ () C:\Windows\system32\2015-01-10-14-14-13.021-AvastVBoxSVC.exe-1960.log
2015-01-09 14:50 - 2015-01-09 14:50 - 00000247 _____ () C:\Windows\system32\2015-01-09-19-50-06.058-aswFe.exe-5204.log
2015-01-09 14:41 - 2015-01-09 14:50 - 00000247 _____ () C:\Windows\system32\2015-01-09-19-41-22.065-aswFe.exe-3144.log
2015-01-09 14:41 - 2015-01-09 14:41 - 00000197 _____ () C:\Windows\system32\2015-01-09-19-41-16.072-AvastVBoxSVC.exe-3900.log
2015-01-09 14:30 - 2015-01-09 14:30 - 00000000 ____D () C:\Users\Agent86\AppData\Roaming\AVAST Software
2015-01-09 14:28 - 2015-01-09 14:28 - 00001924 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-01-09 14:28 - 2015-01-09 14:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-01-09 14:27 - 2015-01-24 17:13 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-09 14:27 - 2015-01-09 14:28 - 00087912 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2015-01-09 14:27 - 2015-01-09 14:26 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-01-09 14:27 - 2015-01-09 14:26 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-01-09 14:27 - 2015-01-09 14:26 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-01-09 14:27 - 2015-01-09 14:26 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-01-09 14:27 - 2015-01-09 14:26 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-01-09 14:27 - 2015-01-09 14:26 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-01-09 14:26 - 2015-01-09 14:27 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-01-09 14:26 - 2015-01-09 14:26 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-01-09 14:26 - 2015-01-09 14:26 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-01-09 14:24 - 2015-01-09 14:24 - 00000000 ____D () C:\Program Files\AVAST Software
2015-01-09 14:22 - 2015-01-09 14:22 - 05006864 _____ (AVAST Software) C:\Users\Agent86\Downloads\avast_free_antivirus_setup_online.exe
2015-01-06 15:31 - 2015-01-06 15:31 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-12-31 22:32 - 2014-12-31 22:32 - 00000000 ____D () C:\Users\Public\Documents\Arc
2014-12-25 22:16 - 2014-12-25 22:16 - 00000000 ____D () C:\Users\Agent86\.gradle
2014-12-25 22:15 - 2014-12-25 22:15 - 00000000 ____D () C:\Users\Agent86\AndroidStudioProjects
2014-12-25 09:37 - 2014-12-25 11:05 - 00000022 _____ () C:\ProgramData\droidcam-settings
2014-12-25 09:16 - 2014-12-25 09:16 - 00001022 _____ () C:\Users\Agent86\Desktop\DroidCamApp.lnk
2014-12-25 09:16 - 2014-12-25 09:16 - 00000000 ____D () C:\Users\Agent86\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DroidCam
2014-12-25 09:14 - 2014-12-25 09:16 - 00000000 ____D () C:\Program Files (x86)\DroidCam
2014-12-25 09:14 - 2014-12-25 09:14 - 00228408 _____ (Dev47Apps) C:\Windows\system32\Drivers\droidcamvideo.sys
2014-12-25 09:14 - 2014-12-25 09:14 - 00033080 _____ (Dev47Apps) C:\Windows\system32\Drivers\droidcam.sys
2014-12-25 09:14 - 2014-12-25 09:14 - 00000000 ____D () C:\Users\Agent86\Downloads\DroidCam.Client.5.0.1

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-24 20:47 - 2014-12-22 13:20 - 00000000 ____D () C:\FRST
2015-01-24 20:46 - 2014-12-22 13:20 - 02129920 _____ (Farbar) C:\Users\Agent86\Downloads\FRST64.exe
2015-01-24 20:36 - 2013-05-24 15:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-24 20:16 - 2009-07-13 23:45 - 00020880 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-24 20:16 - 2009-07-13 23:45 - 00020880 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-24 20:13 - 2013-05-25 04:43 - 01787992 _____ () C:\Windows\WindowsUpdate.log
2015-01-24 20:09 - 2013-05-24 14:06 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-24 20:09 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-24 18:14 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2015-01-24 18:12 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-24 17:53 - 2014-05-02 11:55 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-24 17:52 - 2014-12-22 21:29 - 00000000 ____D () C:\Users\Agent86\AppData\Local\CrashDumps
2015-01-24 16:36 - 2013-05-24 15:06 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-24 16:36 - 2013-05-24 15:06 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-24 16:36 - 2013-05-24 15:06 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-23 19:32 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SchCache
2015-01-23 17:09 - 2014-12-20 18:40 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-23 16:51 - 2013-05-24 13:45 - 00000000 ____D () C:\Users\Agent86
2015-01-23 12:33 - 2014-05-02 13:26 - 00000000 ____D () C:\Users\Agent86\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-01-23 10:15 - 2014-12-22 08:50 - 00000000 ____D () C:\Users\Agent86\AppData\Roaming\jellylam
2015-01-23 10:03 - 2014-12-22 08:50 - 00000852 __RSH () C:\ProgramData\ntuser.pol
2015-01-23 10:03 - 2014-12-18 18:32 - 00003784 _____ () C:\Windows\System32\Tasks\Convertor
2015-01-23 10:03 - 2014-12-18 18:32 - 00003300 _____ () C:\Windows\System32\Tasks\Winsta Update
2015-01-23 10:03 - 2009-07-13 22:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-01-23 10:03 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-23 09:54 - 2013-05-24 14:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-01-23 09:53 - 2013-05-25 19:18 - 00000000 ____D () C:\Users\Agent86\AppData\Roaming\TS3Client
2015-01-21 22:55 - 2014-11-19 13:38 - 00000000 ___RD () C:\Users\Agent86\Dropbox
2015-01-21 22:55 - 2014-11-19 13:36 - 00000000 ____D () C:\Users\Agent86\AppData\Roaming\Dropbox
2015-01-19 19:44 - 2014-09-06 13:34 - 00000000 ____D () C:\Users\Agent86\Documents\iRacing
2015-01-19 10:20 - 2013-05-24 15:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-17 16:50 - 2013-05-24 13:59 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-16 09:16 - 2013-09-30 17:24 - 00000008 __RSH () C:\Users\Agent86\ntuser.pol
2015-01-16 01:41 - 2014-06-23 15:28 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-01-16 01:41 - 2014-06-23 15:28 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-01-16 01:41 - 2014-04-19 14:27 - 01514528 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-01-16 01:41 - 2014-04-19 14:27 - 01278920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-01-15 15:46 - 2013-08-14 20:15 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 15:42 - 2013-05-25 10:54 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-10 03:07 - 2014-11-28 10:36 - 02902456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-01-10 03:07 - 2014-01-16 16:33 - 17250776 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-01-10 03:07 - 2013-10-27 09:12 - 18566296 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-01-10 03:07 - 2013-05-24 14:06 - 00073872 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-01-10 03:07 - 2013-05-24 14:06 - 00060744 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-01-10 03:07 - 2013-02-25 23:32 - 14115944 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-01-10 03:07 - 2013-02-25 23:32 - 03298816 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-01-09 18:30 - 2013-05-24 14:06 - 06860432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-01-09 18:30 - 2013-05-24 14:06 - 03517256 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-01-09 18:29 - 2013-05-24 14:06 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-01-09 18:29 - 2013-05-24 14:06 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-01-09 18:29 - 2013-05-24 14:06 - 00385352 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-01-09 18:29 - 2013-05-24 14:06 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-01-09 15:29 - 2014-12-22 13:23 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-01-09 14:47 - 2013-05-24 14:06 - 04173527 _____ () C:\Windows\system32\nvcoproc.bin
2015-01-09 14:24 - 2013-05-24 15:20 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-09 14:20 - 2013-05-24 14:07 - 00000000 ____D () C:\ProgramData\McAfee
2015-01-09 14:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Web
2015-01-08 20:24 - 2014-09-06 13:10 - 00000000 ____D () C:\Program Files (x86)\iRacing
2015-01-06 11:35 - 2014-12-18 18:32 - 00000000 ____D () C:\Program Files (x86)\Winsta
2015-01-06 11:30 - 2009-07-14 00:08 - 00032618 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-06 04:36 - 2013-05-24 14:26 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-26 21:29 - 2013-10-18 16:23 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-26 21:29 - 2013-06-22 19:27 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-25 09:37 - 2009-07-14 00:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI

==================== Files in the root of some directories =======

2014-08-09 11:58 - 2014-08-07 23:58 - 0000044 ____H () C:\Program Files (x86)\521ff3bb.tmp
2014-12-22 08:45 - 2014-12-22 08:45 - 0000036 _____ () C:\Users\Agent86\AppData\Local\housecall.guid.cache
2013-11-22 21:38 - 2014-09-25 14:40 - 0007601 _____ () C:\Users\Agent86\AppData\Local\resmon.resmoncfg
2014-12-18 18:32 - 2014-12-18 18:32 - 0000376 _____ () C:\Users\Agent86\AppData\Local\VC2MmUT.vbs
2014-12-25 09:37 - 2014-12-25 11:05 - 0000022 _____ () C:\ProgramData\droidcam-settings

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 15:19

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by Agent86 at 2015-01-24 20:47:55
Running from C:\Users\Agent86\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
AirMech (HKLM-x32\...\Steam App 206500) (Version:  - Carbon Games)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
ASRock eXtreme Tuner v0.1.381.1 (HKLM-x32\...\ASRock eXtreme Tuner_is1) (Version:  - )
ASRock XFast RAM v2.0.28 (HKLM\...\ASRock XFast RAM_is1) (Version:  - ASRock Inc.)
ATI Catalyst Install Manager (HKLM\...\{2770B8D8-701A-1D22-635F-8711DFC06B92}) (Version: 3.0.762.0 - ATI Technologies, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Avconv (HKU\S-1-5-21-2993030579-955168000-2236405169-1000\...\309e5e15afa98792) (Version: 1.0.0.1 - Koxx)
Battle Nations (HKLM-x32\...\Steam App 251670) (Version:  - Z2)
Broadcom Gigabit NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.6.1.3 - Broadcom Corporation)
Cannons Lasers Rockets (HKLM-x32\...\Steam App 265770) (Version:  - Net Games Laboratory)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
CPUID HWMonitor 1.22 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Dropbox (HKU\S-1-5-21-2993030579-955168000-2236405169-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.105 - Etron Technology)
Etron USB3.0 Host Controller (x32 Version: 0.105 - Etron Technology) Hidden
Evochron Mercenary (HKLM-x32\...\Evochron Mercenary_is1) (Version:  - StarWraith 3D Games LLC)
Evolution RTS (HKLM-x32\...\Steam App 291150) (Version:  - Frozen Yak Entertainment)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.1.32.905 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.3.916 - Foxit Software Inc.)
Gaming Mouse (HKLM-x32\...\{A7B243AA-6D4C-4575-A873-6F01A1EFC5E2}}_is1) (Version:  - )
Geany 1.23.1 (HKLM-x32\...\Geany) (Version: 1.23.1 - The Geany developer team)
HAWKEN (HKLM-x32\...\Steam App 271290) (Version:  - Adhesive Games)
iRacing.com Race Simulation (HKLM-x32\...\{CBBB3C80-76F5-42B5-92A6-C4BF84796DCB}) (Version: 1.01.0487 - iRacing.com Motorsport Simulations)
Java 7 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417071FF}) (Version: 7.0.710 - Oracle)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java SE Development Kit 7 Update 71 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170710}) (Version: 1.7.0.710 - Oracle)
LibreOffice 4.2.2.1 (HKLM-x32\...\{0ECDB550-79ED-4E9E-851B-19A8B2B4EBFA}) (Version: 4.2.2.1 - The Document Foundation)
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
March of War (HKLM-x32\...\Steam App 234310) (Version:  - ISOTX)
MechWarrior Online (HKLM-x32\...\{ffbbd184-8eba-469f-bb26-ea4e1f6bfd4c}) (Version: 1.4.1.0 - Piranha Games Inc.)
MechWarrior Online (x32 Version: 1.4.1.0 - Piranha Games Inc.) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Moon Breakers (HKLM-x32\...\Steam App 208030) (Version:  - Imba Entertainment)
Mozilla Firefox 35.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 en-US)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
NASCAR '14 (HKLM-x32\...\Steam App 254130) (Version:  - Eutechnyx)
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.25 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.25 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OANDA - MetaTrader (HKLM-x32\...\OANDA - MetaTrader) (Version: 4.00 - MetaQuotes Software Corp.)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Overwolf.Setup.VC100CRTx64.Dist (HKLM\...\{EC9D5554-6852-4A55-81BB-AC02C7A8CFED}) (Version: 1.0.0 - Overwolf)
Pantech Android USB Driver Ver1 (HKLM\...\{19E88D03-44D4-46aa-9F3C-D6CFC035BFE6}) (Version: 1.1.0.0 - Pantech)
Pantech PC Suite (HKLM-x32\...\Pantech PC Suite) (Version: 1.1.1.3437 - MobileLeader)
PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version:  - Sony Online Entertainment)
Python 2.7.3 (HKLM-x32\...\{C0C31BCC-56FB-42a7-8766-D29E1BD74C7C}) (Version: 2.7.3150 - Python Software Foundation)
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.2-1.0.11364.75 - raidcall.com)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6378 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Star Conflict Launcher 1.0.1.18 (HKLM-x32\...\StarConflictLauncher_is1) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Thrustmaster Force Feedback Driver (HKLM-x32\...\{8F5A0981-5CDC-41D0-BCA2-AD3B777FC358}) (Version: 2.FFD.2009 - Thrustmaster)
Trading Paints (HKLM-x32\...\{03C0A801-FC2F-442C-A0BD-DB63B373DE27}) (Version: 1.1.1 - Shawn05.com)
Unity Web Player (HKU\S-1-5-21-2993030579-955168000-2236405169-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
War Thunder Launcher 1.0.1.199 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - 2012 Gaijin Entertainment Corporation)
Wargame: AirLand Battle (HKLM-x32\...\Steam App 222750) (Version:  - Eugen Systems)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version:  - Wargaming.net)
World of Warplanes (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C813NA}_is1) (Version:  - Wargaming.net)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2993030579-955168000-2236405169-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Agent86\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2993030579-955168000-2236405169-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Agent86\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2993030579-955168000-2236405169-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Agent86\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2993030579-955168000-2236405169-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Agent86\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2993030579-955168000-2236405169-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Agent86\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2993030579-955168000-2236405169-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Agent86\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2993030579-955168000-2236405169-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Agent86\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2993030579-955168000-2236405169-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Agent86\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2993030579-955168000-2236405169-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Agent86\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

18-12-2014 15:42:50 Windows Update
18-12-2014 16:53:59 Installed Java SE Development Kit 7 Update 71 (64-bit)
18-12-2014 16:55:14 Installed Java 7 Update 71 (64-bit)
18-12-2014 23:05:44 Installed Pantech Burst OS Upgrade Tool
20-12-2014 19:27:00 avast! antivirus system restore point
20-12-2014 20:35:31 Removed Pantech Burst OS Upgrade Tool
20-12-2014 20:36:20 Removed PingPlotter Standard 3.42.3s
22-12-2014 08:36:41 avast! antivirus system restore point
22-12-2014 21:26:48 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
22-12-2014 21:27:38 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
25-12-2014 09:14:45 Device Driver Package Install: Dev47Apps.com Sound, video and game controllers
25-12-2014 09:15:42 Device Driver Package Install: Dev47Apps.com Sound, video and game controllers
26-12-2014 21:29:15 McAfee Vulnerability Scanner
02-01-2015 19:29:55 McAfee Vulnerability Scanner
09-01-2015 14:23:38 avast! antivirus system restore point
10-01-2015 10:00:48 Windows Update
13-01-2015 17:03:35 Windows Update
13-01-2015 22:35:17 Windows Update
15-01-2015 15:42:06 Windows Update
17-01-2015 16:49:35 Removed Arc
20-01-2015 10:23:49 Windows Update
23-01-2015 10:28:44 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2015-01-24 18:12 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {021EF2CB-EB93-48DF-AFBD-9492D759D600} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-09] (AVAST Software)
Task: {35CFA5FB-054C-4733-B9E0-453347B16272} - System32\Tasks\WinKit => C:\Users\Agent86\AppData\Roaming\WinKit\Updater.exe
Task: {5CB524E1-70E9-44AD-8B93-16DE8EE136C4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-24] (Adobe Systems Incorporated)
Task: {5F5993EF-D94F-4DF2-BE9E-8953F2CD6670} - System32\Tasks\{EBD40329-5032-4591-AB22-A5CEF5BC3B52} => pcalua.exe -a "C:\Program Files\TeamSpeak 3 Client\plugins\ts3overlay\InstallHook.exe" -d "C:\Program Files\TeamSpeak 3 Client\plugins\ts3overlay\" -c ts3overlay_hook_win32.dll 10000
Task: {62C40D6F-81CB-4CA2-A197-DEC49F441829} - System32\Tasks\Convertor => C:\Users\Agent86\AppData\Roaming\Convertor\Convertor.exe [2015-01-21] ()
Task: {910D1BCB-AAFB-4352-B2CC-9433025E1334} - System32\Tasks\{120443CF-9FB2-4274-8110-7A74B925A341} => pcalua.exe -a C:\Users\Agent86\Downloads\hp_scanjet7800_20\setup_basic_7800.exe -d C:\Users\Agent86\Downloads\hp_scanjet7800_20
Task: {CA7C18C9-A6EE-427C-B832-684C557D8AD3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {EED9E3DB-D56A-4EDB-AD91-ECDA472FD90E} - System32\Tasks\Winsta Update => C:\Users\Agent86\AppData\Roaming\Winsta\Winsta.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-05-24 14:06 - 2015-01-09 18:29 - 00117392 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-01-16 16:18 - 2013-04-11 09:24 - 00262656 _____ () C:\Program Files (x86)\Gaming Mouse\hid.exe
2014-01-16 16:18 - 2013-03-08 17:39 - 00256512 _____ () C:\Program Files (x86)\Gaming Mouse\trayicon.exe
2014-04-19 14:27 - 2015-01-16 01:42 - 00715080 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\gamecaster64.dll
2014-04-19 14:27 - 2015-01-16 01:42 - 00854344 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\twitchsdk64.dll
2015-01-09 14:25 - 2015-01-09 14:25 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2015-01-09 14:25 - 2015-01-09 14:25 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2015-01-24 15:05 - 2015-01-24 15:05 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15012401\algo.dll
2015-01-09 14:25 - 2015-01-09 14:25 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2014-01-16 16:18 - 2013-01-15 17:06 - 00061952 _____ () C:\Program Files (x86)\Gaming Mouse\HidDevice.dll
2015-01-09 14:26 - 2015-01-09 14:26 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-01-16 16:18 - 2011-11-22 14:18 - 00249856 _____ () C:\Program Files (x86)\Gaming Mouse\language.dll
2015-01-18 16:15 - 2015-01-18 16:15 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2993030579-955168000-2236405169-500 - Administrator - Disabled)
Agent86 (S-1-5-21-2993030579-955168000-2236405169-1000 - Administrator - Enabled) => C:\Users\Agent86
Guest (S-1-5-21-2993030579-955168000-2236405169-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/23/2015 00:32:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ENGINE.EXE, version: 0.0.0.47437, time stamp: 0x54b37453
Faulting module name: nmconew.dll_unloaded, version: 0.0.0.0, time stamp: 0x5178a4ff
Exception code: 0xc0000005
Fault offset: 0x2069698d
Faulting process id: 0x1130
Faulting application start time: 0xENGINE.EXE0
Faulting application path: ENGINE.EXE1
Faulting module path: ENGINE.EXE2
Report Id: ENGINE.EXE3

Error: (01/23/2015 10:03:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time stamp: 0x546fddcc
Faulting module name: ZMODOOCX.ocx, version: 1.1.6.33, time stamp: 0x5369e8ce
Exception code: 0xc0000005
Fault offset: 0x00052043
Faulting process id: 0xc4c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (01/23/2015 10:01:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time stamp: 0x546fddcc
Faulting module name: ZMODOOCX.ocx, version: 1.1.6.33, time stamp: 0x5369e8ce
Exception code: 0xc0000005
Fault offset: 0x00052043
Faulting process id: 0xd58
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (01/23/2015 10:01:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time stamp: 0x546fddcc
Faulting module name: ZMODOOCX.ocx, version: 1.1.6.33, time stamp: 0x5369e8ce
Exception code: 0xc0000005
Fault offset: 0x00052043
Faulting process id: 0x1580
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (01/23/2015 10:01:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time stamp: 0x546fddcc
Faulting module name: ZMODOOCX.ocx, version: 1.1.6.33, time stamp: 0x5369e8ce
Exception code: 0xc0000005
Fault offset: 0x00052043
Faulting process id: 0x15d0
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (01/23/2015 10:00:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time stamp: 0x546fddcc
Faulting module name: ZMODOOCX.ocx, version: 1.1.6.33, time stamp: 0x5369e8ce
Exception code: 0xc0000005
Fault offset: 0x00052043
Faulting process id: 0x147c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (01/23/2015 09:50:05 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (01/20/2015 05:26:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NASCAR14.exe, version: 1.0.0.1, time stamp: 0x5416fa99
Faulting module name: NASCAR14.exe, version: 1.0.0.1, time stamp: 0x5416fa99
Exception code: 0x80000003
Fault offset: 0x003ba664
Faulting process id: 0xfb0
Faulting application start time: 0xNASCAR14.exe0
Faulting application path: NASCAR14.exe1
Faulting module path: NASCAR14.exe2
Report Id: NASCAR14.exe3

Error: (01/20/2015 04:41:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mspaint.exe version 6.1.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 6b0

Start Time: 01d034f9a60c73ae

Termination Time: 31

Application Path: C:\Windows\system32\mspaint.exe

Report Id:

Error: (01/20/2015 04:39:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mspaint.exe version 6.1.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 42c

Start Time: 01d034f950b473cb

Termination Time: 0

Application Path: C:\Windows\system32\mspaint.exe

Report Id:


System errors:
=============
Error: (01/24/2015 06:12:05 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (01/24/2015 06:11:35 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (01/24/2015 06:09:17 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (01/23/2015 05:03:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (01/23/2015 05:03:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Volume Shadow Copy service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/23/2015 05:03:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (01/23/2015 05:03:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Streamer Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/23/2015 05:03:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Network Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/23/2015 05:03:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iRacing.com Helper Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/23/2015 05:03:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA GeForce Experience Service service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (01/23/2015 00:32:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ENGINE.EXE0.0.0.4743754b37453nmconew.dll_unloaded0.0.0.05178a4ffc00000052069698d113001d03731387d8d6cC:\Program Files (x86)\Steam\steamapps\common\Combat Arms\ENGINE.EXEnmconew.dllbbef4296-a325-11e4-99da-bc5ff49bd49f

Error: (01/23/2015 10:03:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17496546fddccZMODOOCX.ocx1.1.6.335369e8cec000000500052043c4c01d0371dad77b5c2C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\DOWNLO~1\ZMODOOCX.ocxeefb58f3-a310-11e4-99da-bc5ff49bd49f

Error: (01/23/2015 10:01:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17496546fddccZMODOOCX.ocx1.1.6.335369e8cec000000500052043d5801d0371d8179454eC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\DOWNLO~1\ZMODOOCX.ocxc496552e-a310-11e4-99da-bc5ff49bd49f

Error: (01/23/2015 10:01:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17496546fddccZMODOOCX.ocx1.1.6.335369e8cec000000500052043158001d0371d7404de25C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\DOWNLO~1\ZMODOOCX.ocxb52babab-a310-11e4-99da-bc5ff49bd49f

Error: (01/23/2015 10:01:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17496546fddccZMODOOCX.ocx1.1.6.335369e8cec00000050005204315d001d0371d646cfa7dC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\DOWNLO~1\ZMODOOCX.ocxa5a93465-a310-11e4-99da-bc5ff49bd49f

Error: (01/23/2015 10:00:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17496546fddccZMODOOCX.ocx1.1.6.335369e8cec000000500052043147c01d0371d3e21105fC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\DOWNLO~1\ZMODOOCX.ocx8faa1684-a310-11e4-99da-bc5ff49bd49f

Error: (01/23/2015 09:50:05 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files\CCleaner\ccleaner.exe

Error: (01/20/2015 05:26:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: NASCAR14.exe1.0.0.15416fa99NASCAR14.exe1.0.0.15416fa9980000003003ba664fb001d034fbb4127b6dC:\Program Files (x86)\Steam\steamapps\common\NASCAR 14\bin\NASCAR14.exeC:\Program Files (x86)\Steam\steamapps\common\NASCAR 14\bin\NASCAR14.exe5e6cd1db-a0f3-11e4-8b46-bc5ff49bd49f

Error: (01/20/2015 04:41:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mspaint.exe6.1.7600.163856b001d034f9a60c73ae31C:\Windows\system32\mspaint.exe

Error: (01/20/2015 04:39:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mspaint.exe6.1.7600.1638542c01d034f950b473cb0C:\Windows\system32\mspaint.exe


CodeIntegrity Errors:
===================================
  Date: 2015-01-24 18:11:35.572
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-01-24 18:11:35.525
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD FX-8350 Eight-Core Processor
Percentage of memory in use: 14%
Total physical RAM: 16341.63 MB
Available physical RAM: 13904.95 MB
Total Pagefile: 32681.45 MB
Available Pagefile: 29949.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:494.73 GB) (Free:167.49 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: C7DE05E6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=494.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=436.7 GB) - (Type=05)

==================== End Of Log ============================

This topic is now closed to further replies.